What is “Trojan.Win32.Matanbuchus”?

Trojan.Win32.Matanbuchus is a detection name for a Windows password-stealing trojan that many security vendors flag as malicious (see the list of vendor detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean your PC.
6-day free trial available.

What can Trojan.Win32.Matanbuchus do?

The following behaviours were reported for this sample by a CAPE sandbox run (each line is the name of the CAPE signature that fired):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • CAPE detected the Alfonoso malware family
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Collects information to fingerprint the system
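The bullets above are sandbox signatures: CAPE matches patterns over the API-call trace it records while the sample runs. The block below is an added example, not CAPE's own signature code, that re-implements four of the listed behaviours (API spamming to delay analysis, process enumeration, dynamic function loading, and the SetUnhandledExceptionFilter anti-debug check) as simple pattern matchers and runs them over a constructed trace. The trace, the API name sets and the thresholds are assumptions for illustration, not CAPE's values.

```python
"""Toy versions of four CAPE behaviour signatures, run over a constructed API trace.

Added example, not CAPE's signature code. The trace is made up; the thresholds
and API name sets are assumptions, not the values CAPE uses.
"""
from itertools import groupby
from typing import Dict, List, Tuple

Call = Tuple[str, str]  # (process name, API name); a real trace also carries arguments and timing

PROCESS_ENUM_APIS = {"Process32First", "Process32FirstW", "Process32Next", "Process32NextW"}
DYNAMIC_IMPORT_APIS = {"GetProcAddress", "LdrGetProcedureAddress"}


def sig_api_spamming(trace: List[Call], threshold: int = 1000) -> List[str]:
    """'Repeatedly calls a single API many times': the same API back-to-back past a threshold."""
    hits: List[str] = []
    for api, run in groupby(trace, key=lambda call: call[1]):
        if sum(1 for _ in run) >= threshold and api not in hits:
            hits.append(api)
    return hits


def sig_enumerates_processes(trace: List[Call]) -> bool:
    """Toolhelp snapshot followed by a Process32First/Next walk."""
    apis = {api for _, api in trace}
    return "CreateToolhelp32Snapshot" in apis and bool(apis & PROCESS_ENUM_APIS)


def sig_dynamic_function_loading(trace: List[Call], min_resolves: int = 2) -> bool:
    """Imports resolved at run time instead of through the import table."""
    return sum(1 for _, api in trace if api in DYNAMIC_IMPORT_APIS) >= min_resolves


def sig_unhandled_exception_filter(trace: List[Call]) -> bool:
    """Only 'possible' anti-debug: the C runtime registers a filter too, so this needs corroboration."""
    return any(api == "SetUnhandledExceptionFilter" for _, api in trace)


def run_signatures(trace: List[Call]) -> Dict[str, object]:
    """Return only the signatures that fired, keyed by a short name."""
    report: Dict[str, object] = {}
    spam = sig_api_spamming(trace)
    if spam:
        report["api_spamming"] = spam
    if sig_enumerates_processes(trace):
        report["enumerates_running_processes"] = True
    if sig_dynamic_function_loading(trace):
        report["dynamic_function_loading"] = True
    if sig_unhandled_exception_filter(trace):
        report["setunhandledexceptionfilter_antidebug"] = True
    return report


# Constructed trace (not from the real sample): 2000 back-to-back GetTickCount calls (stalling),
# run-time import resolution, an exception-filter registration and a Toolhelp process walk.
SAMPLE_TRACE: List[Call] = (
    [("sample.exe", "GetTickCount")] * 2000
    + [("sample.exe", "LoadLibraryA"), ("sample.exe", "GetProcAddress"), ("sample.exe", "GetProcAddress")]
    + [("sample.exe", "SetUnhandledExceptionFilter")]
    + [("sample.exe", "CreateToolhelp32Snapshot"), ("sample.exe", "Process32FirstW")]
    + [("sample.exe", "Process32NextW")] * 40
)

if __name__ == "__main__":
    print(run_signatures(SAMPLE_TRACE))
```

Note that the 40 Process32NextW calls do not trip the spamming signature (they are well under the threshold), while the 2000 GetTickCount calls do; that is the distinction between a legitimate loop and a stalling loop these heuristics rely on.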

How to identify Trojan.Win32.Matanbuchus?

File Info:

name: C20EBD45230C8598BE40.mlw
path: /opt/CAPEv2/storage/binaries/8cb8376dd2f5c4e1125688ea54823f0a9d2b0975b5d6cf1769f7e731b2d008c7
crc32: 81483A2B
md5: c20ebd45230c8598be404a0bed4c7496
sha1: 0755eb674acc85c9c534d4370d247c24b1221d8c
sha256: 8cb8376dd2f5c4e1125688ea54823f0a9d2b0975b5d6cf1769f7e731b2d008c7
sha512: 61571a69edef4d40aae7b3fbbe8b3127f786162ee48db35a6224c74d5296ce5c1cfaa0bdf52502fa002ace4ad6557c488a699a0f0e13aaa4a7628f02a000b260
ssdeep: 12288:F7vT8cGUCZmxIwNjVGCXZqmmJUyJJHkdIUnjoqhNYw4d:Fz4BUCZmxIw1VGCXZ5mJpkdZnBhu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T134C4BE17E6428076E4632430265D9B7649BD76300A2655BBF3C42E2D9EF02F2AB35F37
sha3_384: c7e7bacc83f26bd51de36e61220ffd1c88970cd0579e188f10f4ac0e351045ce337d0d1a0c5fe4254a4c93cc56d86c4a
ep_bytes: e883040000e974feffff558bec81ec24
timestamp: 2021-11-19 13:33:03

Version Info:

0: [No Data]
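The hashes above are the reliable way to confirm that a file on disk is this exact sample; the entry-point bytes and compile timestamp are weaker, corroborating indicators. The block below is an added example, not code from the original page or from GridinSoft or CAPE, that computes the same md5, sha1, sha256 and crc32 values, parses just enough of the PE header to recover the COFF compile timestamp and the 16 bytes at the entry point, and reports which of the page's indicators a file matches. It uses only the Python standard library. The timestamp is interpreted as UTC, which is an assumption (the page does not state a timezone), and the `build_fake_pe` helper constructs a minimal PE32 for offline demonstration; it is not the real sample.

```python
"""Hash-and-header triage for a suspected Trojan.Win32.Matanbuchus sample.

Added example, not code from the original page or from GridinSoft/CAPE.
Standard library only. The compile timestamp is taken as UTC (assumption).
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone
from typing import Dict, Optional

# IOCs copied from the File Info section of this page.
MATANBUCHUS_IOCS: Dict[str, str] = {
    "md5": "c20ebd45230c8598be404a0bed4c7496",
    "sha1": "0755eb674acc85c9c534d4370d247c24b1221d8c",
    "sha256": "8cb8376dd2f5c4e1125688ea54823f0a9d2b0975b5d6cf1769f7e731b2d008c7",
    "crc32": "81483a2b",
    "ep_bytes": "e883040000e974feffff558bec81ec24",
}
# Compile timestamp from the File Info section, read as UTC (assumption).
PAGE_TIMESTAMP = int(datetime(2021, 11, 19, 13, 33, 3, tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> Dict[str, str]:
    """Lower-case hex digests in the algorithms the page reports."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def pe_header_info(data: bytes) -> Optional[Dict[str, object]]:
    """PE32 flag, COFF TimeDateStamp (UTC) and the 16 bytes at the entry point; None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
        _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        ep_bytes = b""
        for i in range(nsections):
            sec = opt + opt_size + i * 40                          # section headers follow the optional header
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
            if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
                off = rawptr + (entry_rva - vaddr)                 # RVA -> file offset inside this section
                ep_bytes = data[off:off + 16]
                break
    except struct.error:
        return None
    return {
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
    }


def triage(data: bytes, iocs: Dict[str, str] = MATANBUCHUS_IOCS) -> Dict[str, object]:
    """Which of the page's indicators the file matches; a hash hit is definitive, ep_bytes alone is weak."""
    observed: Dict[str, str] = file_hashes(data)
    hdr = pe_header_info(data)
    if hdr:
        observed["ep_bytes"] = str(hdr["ep_bytes"])
    matched = sorted(k for k, v in iocs.items() if observed.get(k) == v)
    return {"hashes": observed, "pe": hdr, "matched": matched}


def build_fake_pe(ep_bytes: bytes, stamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section so the example runs offline; NOT the sample."""
    opt_size, raw_ptr = 0x60, 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(opt_size, b"\0")  # entry RVA 0x1000
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, raw_ptr) + b"\0" * 16
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0") + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:  # no path given: demonstrate on the constructed PE carrying the page's entry-point bytes
        blob = build_fake_pe(bytes.fromhex(MATANBUCHUS_IOCS["ep_bytes"]), PAGE_TIMESTAMP)
    print(triage(blob))
```

Run it with a file path to triage a real file. With no arguments it runs on the constructed PE, which matches only the `ep_bytes` indicator and none of the hashes, which is exactly why a file that shares entry-point bytes or a compile timestamp with the sample should be treated as a lead and not as a confirmed match.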

Trojan.Win32.Matanbuchus is also known under the following vendor detection names. Note that the family label is not consistent across engines: several vendors classify the same sample as the Phoenix password stealer, and many of the names are generic or heuristic verdicts rather than a specific family:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Matanbuchus.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.32153
MicroWorld-eScan: Trojan.GenericKDZ.80490
FireEye: Generic.mg.c20ebd45230c8598
CAT-QuickHeal: Trojan.GenericRI.S25772650
ALYac: Trojan.GenericKDZ.80490
Cylance: Unsafe
Zillya: Trojan.Matanbuchus.Win32.6
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Password-Stealer ( 005723d21 )
Alibaba: TrojanPSW:Win32/Phoenix.55c42c26
K7GW: Password-Stealer ( 005723d21 )
BitDefenderTheta: Gen:NN.ZexaF.34232.IuW@a8iF7khi
Cyren: W32/Agent.DJJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Agent.OKX
TrendMicro-HouseCall: TROJ_GEN.R002C0DB322
Avast: Win32:MalwareX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Matanbuchus.gen
BitDefender: Trojan.GenericKDZ.80490
Tencent: Malware.Win32.Gencirc.10cf9493
Ad-Aware: Trojan.GenericKDZ.80490
Emsisoft: Trojan.GenericKDZ.80490 (B)
TrendMicro: TROJ_GEN.R002C0DB322
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
Sophos: Mal/Generic-S
GData: Win32.Trojan-Stealer.Phoenix.B
Jiangmin: Trojan.Matanbuchus.c
Avira: HEUR/AGEN.1213248
Antiy-AVL: Trojan/Generic.ASMalwS.34D5BA1
Arcabit: Trojan.Generic.D13A6A
ViRobot: Trojan.Win32.Z.Matanbuchus.558592.BI
ZoneAlarm: HEUR:Trojan.Win32.Matanbuchus.gen
Microsoft: PWS:MSIL/Phoenix.GG!MTB
AhnLab-V3: Trojan/Win.PWSX-gen.R460088
McAfee: GenericRXRF-IW!C20EBD45230C
MAX: malware (ai score=87)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Spyware.PasswordStealer
APEX: Malicious
Rising: Stealer.Agent!8.C2 (CLOUD)
Yandex: Trojan.Matanbuchus!c5oEXEXSuu8
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.OKX!tr
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (W)
MaxSecure: Trojan.Malware.128062514.susgen

How to remove Trojan.Win32.Matanbuchus?

Trojan.Win32.Matanbuchus removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • Because this trojan harvests browser passwords, cookies, FTP credentials and cryptocurrency wallet data, change those passwords from a clean device and sign out of active sessions after the cleanup; removing the file does not undo what was already stolen.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.