Trojan:Win32/Buer.G!MTB malicious file

Trojan:Win32/Buer.G!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Trojan:Win32/Buer.G!MTB virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Buer.G!MTB?

File Info:

name: C397C806D3C6196F3685.mlw
path: /opt/CAPEv2/storage/binaries/9e8db7a722cc2fa13101a306343039e8783df66f4d1ba83ed6e1fe13eebaec73
crc32: B69E08AA
md5: c397c806d3c6196f368566319880df3c
sha1: 73821da0404624fe7efc4116f4141859377335ef
sha256: 9e8db7a722cc2fa13101a306343039e8783df66f4d1ba83ed6e1fe13eebaec73
sha512: c55c1168c012778da1cdc275d57fbfc2e776e9ccde8c75be1f003e7488807de60723e7f6695b945fb28e4de76b51676c7e599969c754b84a4d01511aaf0785fe
ssdeep: 3072:+qCZIkMURKZCb3wmGC6NKqOf/S9Bx8HJG+887BNC3f3:3kXVwCskq9X8HJGP8lmv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14CF39053F480BEB3D0B28A3E8032D61297242C37AF668F97569C49242F950D16F67F5E
sha3_384: 68e425f208bc248dc035c52f5bd9159a106a97359d82f439e9dfee4fdcf5bb4955c70b5cc51f090253d4fb0b0b8bd1e8
ep_bytes: e821050000e98efeffff558bec6a00ff
timestamp: 2018-09-20 22:03:16

Version Info:

0: [No Data]

Trojan:Win32/Buer.G!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Brsecmon.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Brsecmon.1
FireEye: Generic.mg.c397c806d3c6196f
Skyhigh: GenericRXVY-RE!C397C806D3C6
McAfee: GenericRXVY-RE!C397C806D3C6
Cylance: unsafe
Zillya: Trojan.Kryptik.Win32.1969874
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00559b5c1 )
Alibaba: Trojan:Win32/Kryptik.ea88e5b0
K7GW: Trojan ( 00559b5c1 )
BitDefenderTheta: Gen:NN.ZexaF.36744.jy0@a40gcNd
VirIT: Trojan.Win32.Genus.BTP
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GXIT
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Brsecmon.1
NANO-Antivirus: Trojan.Win32.Miner.gdyhpq
Avast: Win32:RansomX-gen [Ransom]
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1317745
DrWeb: Trojan.DownLoader30.28156
VIPRE: Trojan.Brsecmon.1
TrendMicro: TROJ_GEN.R002C0DA924
Emsisoft: Trojan.Brsecmon.1 (B)
Ikarus: Trojan-Ransom.Shade
GData: Trojan.Brsecmon.1
Jiangmin: Trojan.Miner.jay
Webroot: W32.Trojan.Gen
Google: Detected
Avira: HEUR/AGEN.1317745
Antiy-AVL: Trojan/Win32.Miner
Kingsoft: Win32.Trojan.Generic.a
Xcitium: Malware@#1s9mfnzqpmsn5
Arcabit: Trojan.Brsecmon.1
ViRobot: Trojan.Win32.Z.Kryptik.160256.HW
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Buer.G!MTB
Varist: W32/ABTrojan.ADQK-8521
AhnLab-V3: Trojan/Win32.MalPe.R294753
ALYac: Trojan.Agent.Miner
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.3876467051
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DA924
Tencent: Win32.Trojan.Generic.Tnkl
Yandex: Trojan.Miner!39SKt3unwuA
SentinelOne: Static AI - Suspicious PE
Fortinet: W32/Kryptik.GXHG!tr
AVG: Win32:RansomX-gen [Ransom]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Buer.G!MTB?

Trojan:Win32/Buer.G!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.