Zusy.474373 removal

Zusy.474373 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.474373 virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • A file was accessed within the Public folder.
  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the MetaStealer malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • YARA detections observed in process dumps, payloads or dropped files

How to identify Zusy.474373?

File Info:

name: 6444A857058E54D6349D.mlw
path: /opt/CAPEv2/storage/binaries/a91e5c90ed680b7d06ffd49e8d1ab55c301822488ef2dbd7b981d0e1922841cd
crc32: A82ED6D7
md5: 6444a857058e54d6349dda1d1914adca
sha1: ffd86871423fecf6e0205028222c70389b3e1437
sha256: a91e5c90ed680b7d06ffd49e8d1ab55c301822488ef2dbd7b981d0e1922841cd
sha512: b71253d3c533e3adf074b83d2944c4ec4dca327acd315f44b5edb6570f1ad21374b5d0bdba42a557343f122dd3b3109f586f4dd0b6ae76fe6ae65f2a558aff58
ssdeep: 6144:XJlqWve0q6Zwh24HVvsrlncCvQ2VV0yemwcxIO0xtkfAQAYsm4XGr0T+tTYwTqT0:qwe03zbayem6xtkf/untaT2zKlj7srad
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1AEB402223600B336DDD9B07196DBC236DCEEF8324FB381E7BA0851751B9138799AE156
sha3_384: 5ed96d651feb6313a6d8225d7a262bf5bc6b10361a137532af532a9db7171af83898bcbac185403b3fa4f49560796b83
ep_bytes: e8873f0000e9a4feffff3b0dd09a4700
timestamp: 2023-06-27 04:03:11

Version Info:

Comments: This is a legitimate application.
CompanyName: Uganda Investment Authority (UIA)
FileDescription: Uganda Investment Authority (UIA) Product
FileVersion: 738
InternalName: GkimYSZBbC5Z
LegalCopyright: © Uganda Investment Authority (UIA) All rights reserved.
LegalTrademarks: © Uganda Investment Authority (UIA) Trademarks
OriginalFilename: tO6bdpUm.exe
ProductName: 73pQEc8Umz
ProductVersion: 738
Translation: 0x0407 0x04b0

Zusy.474373 also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Stealer.12!c
  • DrWeb: Trojan.Packed2.45386
  • MicroWorld-eScan: Gen:Variant.Zusy.474373
  • ClamAV: Win.Malware.Botx-10004968-0
  • FireEye: Generic.mg.6444a857058e54d6
  • CAT-QuickHeal: Trojan.Kryptik.S30222828
  • Skyhigh: BackDoor-FETE!6444A857058E
  • McAfee: BackDoor-FETE!6444A857058E
  • Cylance: unsafe
  • VIPRE: Gen:Variant.Zusy.474373
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005a7bae1 )
  • Alibaba: TrojanSpy:Win32/Stealer.443a5027
  • K7GW: Trojan ( 005a7bae1 )
  • Arcabit: Trojan.Zusy.D73D05
  • BitDefenderTheta: Gen:NN.ZexaF.36744.Eq2@aCqNCXji
  • VirIT: Trojan.Win32.GenusT.DNRQ
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Kryptik.HSYN
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
  • BitDefender: Gen:Variant.Zusy.474373
  • Avast: Win32:BotX-gen [Trj]
  • Rising: Trojan.ShellCodeRunner!1.E830 (CLASSIC)
  • Emsisoft: Gen:Variant.Zusy.474373 (B)
  • F-Secure: Heuristic.HEUR/AGEN.1364954
  • Zillya: Trojan.Stealer.Win32.119792
  • Trapmine: malicious.high.ml.score
  • Sophos: Troj/Krypt-ZY
  • Ikarus: Trojan.Agent
  • Google: Detected
  • Avira: HEUR/AGEN.1364954
  • Antiy-AVL: Trojan/Win32.Kryptik
  • Kingsoft: malware.kb.a.995
  • Microsoft: Trojan:Win32/LaplasClipper.D!MTB
  • ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.gen
  • GData: Gen:Variant.Zusy.474373
  • Varist: W32/Kryptik.KBM.gen!Eldorado
  • AhnLab-V3: Trojan/Win.BotX-gen.R588818
  • ALYac: Gen:Variant.Zusy.474373
  • MAX: malware (ai score=82)
  • VBA32: BScope.Trojan.Kryptik
  • Malwarebytes: Trojan.Amadey
  • Panda: Trj/Genetic.gen
  • Tencent: Trojan.Win32.Kryptik.16000701
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Kryptik.HSYN!tr
  • AVG: Win32:BotX-gen [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.474373?

Zusy.474373 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
