How to remove “Zusy.463181”?

Malware Removal

Zusy.463181 is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. If so, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.463181 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Zusy.463181?

File Info:

name: 25054427B47F946B2362.mlw
path: /opt/CAPEv2/storage/binaries/a454474fb1554dffcc0a8a7afe33c4c87243d6a7a1928a64388187fb7244095f
crc32: 1D853651
md5: 25054427b47f946b236295c47f326945
sha1: f97b9e20ab488f9d28a8f0fb78df459022dfc3a7
sha256: a454474fb1554dffcc0a8a7afe33c4c87243d6a7a1928a64388187fb7244095f
sha512: 372655712eb3d6cce2ea1d2d79ec93ee4a53c2af4a9449650ceef6f19f55630bd85c8115fc0b7f633989b56854fe999f94f1324b5d7d95e48e37724aa2df90d1
ssdeep: 24576:yu9PfWUA9FkPd0UST5nz+7ZWVxSO3hVr3hf3pAIrMRkmkQfcyWuOJfvOmXE:WF/3MO3Pxf5H8kzQfyJfWm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F56533098EF9B7D4DA457033B3924A05CD8B26E5F3758B9F8C8B9411DDAB82212BDF44
sha3_384: 77e850c8140516b9ffe48d5d752fc002f59afc31b66f655b3d94076fead78dd79236c4a09503204631de17c8ec50375d
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2022-07-24 15:13:08

Version Info (the version resource claims to be the OpenSSL libcrypto library 1.1.1o, which does not match the invalid Authenticode signature and the packer-related detections listed for this sample):

CompanyName:
FileDescription:
FileVersion: 1.1.1o
InternalName: libcrypto
OriginalFilename: libcrypto
ProductName:
ProductVersion: 1.1.1o
LegalCopyright: Copyright 1998-2022 The OpenSSL Authors. All rights reserved.
Translation: 0x0409 0x04b0

Zusy.463181 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.MSIL.Stealer.l!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Zusy.463181
FireEye: Generic.mg.25054427b47f946b
Cylance: unsafe
Zillya: Trojan.EnigmaProtector.Win32.5704
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Backdoor:Win32/DCRAT.cb4cdf8f
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.36350.Bz0@aGQRCTfi
Cyren: W32/MSIL_Kryptik.HUS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
Avast: Win32:Evo-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.MSIL.Stealer.dul
BitDefender: Gen:Variant.Zusy.463181
Tencent: Msil.Trojan-Spy.Stealer.Gflw
Emsisoft: Gen:Variant.Zusy.463181 (B)
F-Secure: Heuristic.HEUR/AGEN.1351863
DrWeb: Trojan.Siggen18.48762
VIPRE: Gen:Variant.Zusy.463181
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
GData: Gen:Variant.Zusy.463181
Avira: HEUR/AGEN.1351863
Antiy-AVL: GrayWare/Win32.EnigmaProtect.a
Arcabit: Trojan.Zusy.D7114D
ZoneAlarm: Trojan-Spy.MSIL.Stealer.dul
Microsoft: Backdoor:Win32/DCRAT.JP!MTB
Google: Detected
AhnLab-V3: Backdoor/Win.DCRAT.R507253
Acronis: suspicious
VBA32: Trojan.Zpevdo
MAX: malware (ai score=99)
Malwarebytes: Backdoor.DCRat
Panda: Trj/Genetic.gen
APEX: Malicious
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
SentinelOne: Static AI – Suspicious PE
Fortinet: Riskware/Application
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Zusy.463181?

Zusy.463181 removal steps
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.