Malware

About “Zusy.456253 (B)” infection

Malware Removal

Zusy.456253 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.456253 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Bolivia)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Zusy.456253 (B)?

File Info:

name: 4EB6CC4139FEDA5407B7.mlw
path: /opt/CAPEv2/storage/binaries/6f86c401649cf6bc1debf0a10208e7604f0dca3d26ec2bd91a4acf2ea33d09b7
crc32: 875F88C3
md5: 4eb6cc4139feda5407b702df63f7776a
sha1: 0ba6473269067d5b6f915f6e356c4e0a82100f00
sha256: 6f86c401649cf6bc1debf0a10208e7604f0dca3d26ec2bd91a4acf2ea33d09b7
sha512: 81cb5cd6fef10d9209b4f7b8d9d1d9e11eb92a59d3e57bba453c6a608e3d6ffe5f0485af6fe8992efaa74a543cbbde4f0e58921ae2166107035e48841746d944
ssdeep: 6144:Rr9/7ex0lZDyAyTs02jxX+T4jqqxVfST:RExQybTs9jxucpVq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10534D01079E1C8B7C563453494E4E1E4656EFCA3AB83998733587F6F3C316C29A6E322
sha3_384: b1bbb441b52b6a0b285635537af9219bf4155fa424845a379c30ad1ab82065c9a7ef086ff38f578d81050ce3ed7f9ff9
ep_bytes: e88f470000e978feffff8bff558bec56
timestamp: 2022-10-07 12:02:40

Version Info:

FilesVersion: 0.17.83.81
InternalName: TravelTime
LegalCopyright: Copyright (C) 2023, maersk
ProductName: Blabus
Translation: 0x01fe 0x04c7

Zusy.456253 (B) also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.456253
ClamAV: Win.Packer.pkr_ce1a-9980177-0
VIPRE: Gen:Variant.Zusy.456253
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/Kryptik.JLW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.Zusy.456253
Avast: Win32:RansomX-gen [Ransom]
Emsisoft: Gen:Variant.Zusy.456253 (B)
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.dc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.4eb6cc4139feda54
Sophos: ML/PE-A
GData: Gen:Variant.Zusy.456253
MAX: malware (ai score=86)
Arcabit: Trojan.Zusy.D6F63D
ZoneAlarm: VHO:Trojan.Win32.Agent.gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Google: Detected
Acronis: suspicious
VBA32: Malware-Cryptor.2LA.gen
ALYac: Gen:Variant.Zusy.456253
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:Qnq+AQJxgLfD29tqwVggQQ)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:RansomX-gen [Ransom]
DeepInstinct: MALICIOUS

How to remove Zusy.456253 (B)?

Zusy.456253 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.