Trojan.Bunitu.ED information

Trojan.Bunitu.ED is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Bunitu.ED virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Trojan.Bunitu.ED?

File Info:

name: 3D49E12312A36CFB931C.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-09-17 20:02:58

Version Info:

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: SSH, Telnet and Rlogin client
InternalName: PuTTY
OriginalFilename: PuTTY
FileVersion: Release 0.64
ProductVersion: Release 0.64
LegalCopyright: Copyright © 1997-2015 Simon Tatham.
Translation: 0x0809 0x04b0

Trojan.Bunitu.ED also known as:

  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.325000
  • FireEye: Generic.mg.3d49e12312a36cfb
  • CAT-QuickHeal: Trojan.Skeeyah.5724
  • McAfee: PWS-FCDZ!3D49E12312A3
  • Cylance: Unsafe
  • Zillya: Trojan.Injector.Win32.319796
  • K7AntiVirus: Trojan ( 0055e3991 )
  • K7GW: Trojan ( 0055e3991 )
  • Cybereason: malicious.312a36
  • BitDefenderTheta: Gen:NN.ZexaF.34294.Ay0@a89n!jvn
  • Cyren: W32/Cryptowall.A.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Injector.CIXK
  • TrendMicro-HouseCall: TROJ_INJECTOR_EK0404E7.UVPM
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Zusy.325000
  • NANO-Antivirus: Trojan.Win32.Yakes.dxenbh
  • Avast: Win32:Malware-gen
  • Ad-Aware: Gen:Variant.Zusy.325000
  • Sophos: ML/PE-A + Troj/Inject-BRS
  • Comodo: Malware@#1juaor2xactwe
  • Baidu: Win32.Trojan.Injector.jb
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: TROJ_INJECTOR_EK0404E7.UVPM
  • McAfee-GW-Edition: PWS-FCDZ!3D49E12312A3
  • Emsisoft: Gen:Variant.Zusy.325000 (B)
  • Ikarus: Trojan.Win32.Injector
  • GData: Gen:Variant.Zusy.325000
  • Jiangmin: Trojan.Generic.eltgx
  • Avira: TR/Inject.sbbeisp
  • MAX: malware (ai score=89)
  • Antiy-AVL: Trojan/Generic.ASMalwS.148313F
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • Microsoft: Trojan:Win32/Skeeyah.A
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win32.MDA.R179510
  • VBA32: Trojan.Agentb
  • ALYac: Gen:Variant.Zusy.325000
  • Malwarebytes: Trojan.Bunitu.ED
  • APEX: Malicious
  • Tencent: Malware.Win32.Gencirc.10b56a80
  • Yandex: Trojan.Injector!EFMT5RY4epg
  • Fortinet: W32/Injector.CIXK!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A

How to remove Trojan.Bunitu.ED?

Trojan.Bunitu.ED removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.