Categories: Trojan

Trojan.Win32.Buzus.mwwv (file analysis)

The Trojan.Win32.Buzus.mwwv is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Buzus.mwwv virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)

How to determine Trojan.Win32.Buzus.mwwv?


File Info:
name: 10090FE8DF4D35036056.mlwpath: /opt/CAPEv2/storage/binaries/f73142dcb13267a5d61eabbbf86e077533f68a10119e3387a893262a98d21d90crc32: 42D69CD3md5: 10090fe8df4d35036056064725511affsha1: 611c972fc090ae31ee73c64d30804077a197c255sha256: f73142dcb13267a5d61eabbbf86e077533f68a10119e3387a893262a98d21d90sha512: d0bad05966edaf7b9b8c2462b50443679432177ce6b6d68343fb441404339c82f27665b414f868220f4484322487c1afd35dc3addead129e531fd2bcfa244359ssdeep: 49152:P45lFT1XjvjbTFYTFXsT1XjvjbTFTTTFE45lFT1XjvjbTFYTFXsT17jvjbTFTTTG:P23z792az7XE23z792av7XE23mtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18E36C022E2908433D1F33A3DDE5BD3A55A297E502924554B26E83C8F7F367833926397sha3_384: 4db45f16575c2f14681d1a5674e71f86675c3416469fa4cda80f404719eff3fb2aa0d3a9d5f0ff8b0880a2dce6244228ep_bytes: 558bec83c4f0b8e42c4500e84034fbfftimestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Trojan.Win32.Buzus.mwwv also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.ProcessHijack.@NZ@amu6iAmb
FireEye	Generic.mg.10090fe8df4d3503
CAT-QuickHeal	Trojan.Buzus.16579
McAfee	Generic.bov
Malwarebytes	Generic.Trojan.Delf.DDS
Zillya	Trojan.Buzus.Win32.132543
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0059e23b1 )
K7GW	Trojan ( 0059e23b1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZelphiF.36132.@NZ@amu6iAmb
Cyren	W32/Injector.BKV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Injector.BKB
APEX	Malicious
ClamAV	Win.Ransomware.Buzus-9980395-0
Kaspersky	Trojan.Win32.Buzus.mwwv
BitDefender	Gen:Trojan.ProcessHijack.@NZ@amu6iAmb
NANO-Antivirus	Trojan.Win32.Buzus.drxdi
Avast	Win32:Evo-gen [Trj]
Tencent	Malware.Win32.Gencirc.10b2ab3d
Emsisoft	Gen:Trojan.ProcessHijack.@NZ@amu6iAmb (B)
F-Secure	Trojan.TR/ATRAPS.Gen
DrWeb	Trojan.Inject1.3478
VIPRE	Gen:Trojan.ProcessHijack.@NZ@amu6iAmb
TrendMicro	TROJ_BUZUS.BIR
McAfee-GW-Edition	BehavesLike.Win32.CoinMiner.tc
Trapmine	suspicious.low.ml.score
Sophos	Troj/Remhead-A
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan.PSE.14U1KJJ
Jiangmin	Trojan/Buzus.aaag
Google	Detected
Avira	TR/ATRAPS.Gen
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Win32.Buzus
Xcitium	TrojWare.Win32.Buzus.AKA@1qoqb7
Arcabit	Trojan.ProcessHijack.ED14522
ZoneAlarm	Trojan.Win32.Buzus.mwwv
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Buzus.R7579
Acronis	suspicious
VBA32	BScope.Trojan.MulDrop
ALYac	Gen:Trojan.ProcessHijack.@NZ@amu6iAmb
Cylance	unsafe
Panda	Generic Malware
TrendMicro-HouseCall	TROJ_BUZUS.BIR
Rising	Trojan.Injector!1.E2A0 (CLASSIC)
Yandex	Trojan.GenAsa!E7B6B0Ct0SE
Ikarus	Trojan.Win32.Buzus
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Injector.BKB!tr
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS