Zusy.508022 (file analysis)

Malware Removal

Zusy.508022 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.508022 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Zusy.508022?

File Info:

name: 74F48C05940263186DC1.mlw
path: /opt/CAPEv2/storage/binaries/f3b3881dd520defa5a3d9b7994974137735c6468aba3f04c4c153c6d8267a2b7
crc32: 6CDC1420
md5: 74f48c05940263186dc108bf8aa24732
sha1: 5176911a41a9283cee1c9a15d3432367c29437bf
sha256: f3b3881dd520defa5a3d9b7994974137735c6468aba3f04c4c153c6d8267a2b7
sha512: cdb9a251bdafcf130c565481850ea6dfb8a764965ddbc9478131988fdcc4719d45e9a6bfe6c70694fc83324465c301029d7f0d02a309fa2c8680da3dfa9eccd0
ssdeep: 24576:vrOu/SzLC3uPerk9i9LKadaUqDNVedbOc:viu/SzW3uqMSIjNVedic
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16635AD0EB5418836C5C8DDB0548DB6A5C3986AB70C2247DBFACE6FCD7E3406C0E6B965
sha3_384: 473234aad185ad484b99a02261a68674e4a59ad4343a2cf17a4bb2faf805949d0ac1119010767da6a59363052082a720
ep_bytes: f8eb16372cdc0fddb0369ab8eb5be3f6
timestamp: 2012-08-31 14:50:35

Version Info:

FileVersion: 1.0.0.0
FileDescription: 腾讯微博_微群挂机群发
ProductName: 腾讯微博_微群挂机群发
ProductVersion: 1.0.0.0
CompanyName: 雷少
LegalCopyright: 雷少 版权所有
Comments: 腾讯微博_微群挂机群发
Translation: 0x0804 0x04b0

Zusy.508022 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Emotet.L!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.508022
FireEye: Generic.mg.74f48c0594026318
Skyhigh: BehavesLike.Win32.Generic.tc
ALYac: Gen:Variant.Zusy.508022
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Zusy.508022
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f54a1 )
Alibaba: Trojan:Win32/QQWare.515457d5
K7GW: Trojan ( 0040f54a1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Zusy.D7C076
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/QQWare.AL
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Packed.Graybird-9853595-0
Kaspersky: VHO:Trojan-GameThief.Win32.OnLineGames.gen
BitDefender: Gen:Variant.Zusy.508022
NANO-Antivirus: Virus.Win32.Agent.dvixmz
Avast: Win32:MalwareX-gen [Trj]
Tencent: Win32.Trojan.Generic.Lcnw
Emsisoft: Gen:Variant.Zusy.508022 (B)
F-Secure: Trojan.TR/QQTen.jccck
Zillya: Trojan.QQWare.Win32.7656
TrendMicro: TROJ_GEN.R002C0PJL23
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Varist: W32/A-8128ee96!Eldorado
Avira: TR/QQTen.jccck
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Win32.QQWare
Xcitium: TrojWare.Win32.Agent.OSCF@5rs7jr
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: VHO:Trojan-GameThief.Win32.OnLineGames.gen
GData: Gen:Variant.Zusy.508022
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R611903
McAfee: Flyagent.d
VBA32: BScope.Trojan.Downloader
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PJL23
Rising: Packer.Win32.Agent.f (CLASSIC)
Ikarus: Trojan.Win32.QQWare
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.BELF!tr
BitDefenderTheta: Gen:NN.ZexaF.36792.br0@aSc2WKkb
AVG: Win32:MalwareX-gen [Trj]
Cybereason: malicious.a41a92
DeepInstinct: MALICIOUS

How to remove Zusy.508022?

Zusy.508022 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.