About “Zusy.457230” infection

Zusy.457230 is the detection name (Gen:Variant.Zusy.457230, used by BitDefender and several vendors that share its signatures) for a sample that most other scanners classify as a Vobfus/Changeup-family worm. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, we advise scanning your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.457230 virus do?

The following behaviour signatures were raised when the sample was executed in a CAPEv2 sandbox:
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Zusy.457230?

File Info:

name: 9B641C50A63444AF88E0.mlw
path: /opt/CAPEv2/storage/binaries/0c9b1eca2ce44e8d83f20d9cc84ff1f480c70de2a7547a5fafdef7187523a15e
crc32: 5CCC2CD2
md5: 9b641c50a63444af88e0db03153a2483
sha1: 9994ec62ea0221f06f3c8a75d8b0117df50f31d1
sha256: 0c9b1eca2ce44e8d83f20d9cc84ff1f480c70de2a7547a5fafdef7187523a15e
sha512: 8ffdf0465e64a44ceed7f980f47c7b960f1de4aec5bd3f9a3c70afc0fbd673ba66c7336f8752263310b7d3c1f076fbf7f3d6369d21500ae62632efddd3c9bf2c
ssdeep: 3072:Xsg4LTiooHiUS41IGymUU5fkUehyB456J2Lw6BoiEx4PvsL2o5I33ygo:czToHiUBiGyuT236J2deiEx4PvRo5OF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15154811572C0F77EC825C6F43A5683A4A53EED321591A803F6D21F2A37B5E97E221363
sha3_384: 9be586146b40ada0c860b18b0f81e0e3cbb2810575139c5766b7d04d953d7dfe8c900e956763c99538029c64e6dad87d
ep_bytes: 6810404000e8f0ffffff000000000000
timestamp: 2002-06-21 10:26:09
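The indicators above can be checked directly against a suspicious file. The following Python script is an added example for this page, not GridinSoft's or CAPE's own code. It computes the digests listed under File Info (ssdeep and TLSH are left out because they need third-party libraries) and parses just enough of the PE header to re-derive three of the behaviour signals listed earlier: overlay data, a non-standard section name, and the entry-point bytes. Those ep_bytes, `68 10 40 40 00 / E8 F0 FF FF FF`, decode to `push 0x00404010; call <entry-6>`, the start stub the VB6 compiler emits (push the project header, then call ThunRTMain through the 6-byte jmp thunk placed just before the entry point), which agrees with the VB-themed vendor names listed below. The binary produced by `build_demo_pe()` is constructed for the example and is not the real sample; the section name `.vbpk7` and the `STOCK_SECTIONS` allowlist are assumptions.

```python
"""Added triage helper for this page's indicators (not GridinSoft's or CAPE's code; stdlib only).
Matches a file against the File Info hashes and re-derives CAPE's structural signals:
overlay data, a non-standard section name, and the VB6 start stub at the entry point."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Copied verbatim from the File Info block (ssdeep/tlsh need third-party libraries and are omitted).
IOC_HASHES = {
    "md5": "9b641c50a63444af88e0db03153a2483",
    "sha1": "9994ec62ea0221f06f3c8a75d8b0117df50f31d1",
    "sha256": "0c9b1eca2ce44e8d83f20d9cc84ff1f480c70de2a7547a5fafdef7187523a15e",
    "sha512": "8ffdf0465e64a44ceed7f980f47c7b960f1de4aec5bd3f9a3c70afc0fbd673ba66c7336f8752263310b7d3c1f076fbf7f3d6369d21500ae62632efddd3c9bf2c",
    "sha3_384": "9be586146b40ada0c860b18b0f81e0e3cbb2810575139c5766b7d04d953d7dfe8c900e956763c99538029c64e6dad87d",
    "crc32": "5CCC2CD2",
}
IOC_EP_BYTES = "6810404000e8f0ffffff000000000000"
# Assumption: section names a stock linker emits; anything else is flagged as an unknown section name.
STOCK_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata", ".bss", ".tls", ".CRT"}


def file_hashes(data: bytes) -> dict:
    """Same digests as the File Info block, in the same hex case."""
    h = {n: getattr(hashlib, n)(data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    h["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return h


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 reader: link timestamp, 16 entry-point bytes, unknown section names, overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections, end_of_image, ep_off = [], 0, None
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0").decode("latin-1"))
        end_of_image = max(end_of_image, rawptr + rawsize)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - vaddr)
    return {
        "timestamp_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else "",
        "unknown_sections": [s for s in sections if s not in STOCK_SECTIONS],
        "overlay_bytes": max(0, len(data) - end_of_image),  # bytes past the end of the last section
    }


def decode_vb6_stub(ep_bytes_hex: str):
    """`68 imm32 / E8 rel32` at the entry point is the compiled-VB6 start stub (push the VB5! project
    header, call ThunRTMain via the jmp thunk just before the entry). Returns (pushed, rel32) or None."""
    b = bytes.fromhex(ep_bytes_hex)
    if len(b) < 10 or b[0] != 0x68 or b[5] != 0xE8:
        return None
    return struct.unpack_from("<I", b, 1)[0], struct.unpack_from("<i", b, 6)[0]


def triage(data: bytes) -> dict:
    """A hash hit is definitive for this exact sample; the other keys are corroborating only."""
    h, pe = file_hashes(data), parse_pe(data)
    return {
        "hash_iocs_matched": [k for k, v in IOC_HASHES.items() if h[k] == v],
        "ep_matches_page": pe["ep_bytes"] == IOC_EP_BYTES,
        "vb6_stub": decode_vb6_stub(pe["ep_bytes"]),
        "unknown_sections": pe["unknown_sections"],
        "has_overlay": pe["overlay_bytes"] > 0,
        "timestamp_utc": pe["timestamp_utc"],
    }


def build_demo_pe() -> bytes:
    """Constructed stand-in, NOT the real sample: the page's ep_bytes and timestamp, a made-up
    section name (.vbpk7) and 32 bytes of overlay."""
    def section(name, va, raw):  # 40-byte IMAGE_SECTION_HEADER, 0x200 bytes virtual and raw
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw, 0, 0, 0, 0, 0x60000020)
    ts = int(datetime(2002, 6, 21, 10, 26, 9, tzinfo=timezone.utc).timestamp())
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x102)   # i386, 2 sections, PE32 opt size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    hdr = dos + b"PE\0\0" + coff + opt + section(b".text", 0x1000, 0x200) + section(b".vbpk7", 0x2000, 0x400)
    text = bytes.fromhex(IOC_EP_BYTES).ljust(0x200, b"\0")           # entry point = start of .text
    return bytes(hdr.ljust(0x200, b"\0")) + text + b"\0" * 0x200 + b"overlay:" + b"\xAA" * 24


if __name__ == "__main__":
    for k, v in triage(build_demo_pe()).items():
        print(f"{k}: {v}")
```

Run `triage(open(path, "rb").read())` on a quarantined copy of the file. Only a hash match identifies this exact sample; the VB6 stub, the overlay and an odd section name also occur in benign VB6 programs with appended data or in any repacked binary, so treat those as corroboration, not as a verdict.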

Version Info:

0: [No Data]

Zusy.457230 also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.mj4Z
DrWeb: Trojan.VbCrypt.150
MicroWorld-eScan: Gen:Variant.Zusy.457230
ClamAV: Win.Trojan.Vobfus-70360
FireEye: Generic.mg.9b641c50a63444af
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Gen:Variant.Zusy.457230
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2faa.None
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.2ea022
BitDefenderTheta: Gen:NN.ZevbaF.36662.sqZ@aelv!Ig
VirIT: Trojan.Win32.Zyx.HH
Cyren: W32/Vobfus.SE.gen!Eldorado
Symantec: W32.Changeup!gen15
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.VB.AQN
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.efid
BitDefender: Gen:Variant.Zusy.457230
NANO-Antivirus: Trojan.Win32.Otran.jwdzws
Avast: Win32:VB-AASR [Trj]
Tencent: Worm.Win32.Vobfus.kh
Emsisoft: Gen:Variant.Zusy.457230 (B)
F-Secure: Trojan.TR/Patched.Ren.Gen
Baidu: Win32.Trojan.VBObfus.f
VIPRE: Gen:Variant.Zusy.457230
TrendMicro: WORM_VOBFUS.SMAB
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI - Malicious PE
GData: Gen:Variant.Zusy.457230
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=84)
Antiy-AVL: Virus/Win64.Expiro.rsrc
Arcabit: Trojan.Zusy.D6FA0E
ViRobot: Trojan.Win32.A.Vobfus.266240.A
ZoneAlarm: Worm.Win32.Vobfus.efid
Microsoft: Worm:Win32/Vobfus.gen!R
Google: Detected
AhnLab-V3: Trojan/Win32.Diple.R65689
Acronis: suspicious
McAfee: VBObfus.eq
TACHYON: Trojan/W32.VB-Agent.303104.BR
VBA32: BScope.Trojan-Dropper.Injector
Cylance: unsafe
Panda: W32/Vobfus.GEW.worm
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Rising: Worm.Pronoy!1.9A2F (CLASSIC)
Yandex: Trojan.GenAsa!SaCOTwa1z30
Ikarus: Worm.Win32.Vobfus
Fortinet: W32/Diple.EJQE!tr
AVG: Win32:VB-AASR [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.457230?

Zusy.457230 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
