Trojan

Trojan:Win32/Matsnu!A removal guide

Malware Removal

Trojan:Win32/Matsnu!A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Matsnu!A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify Trojan:Win32/Matsnu!A?

File Info:

name: 743161438BDA2FA0F641.mlw
path: /opt/CAPEv2/storage/binaries/eb2d78eff2b7f17c19b1acb6f9d53f1e804d73b22092f27c19060c6e9c174fc6
crc32: FF38F24C
md5: 743161438bda2fa0f641cf786be66675
sha1: 3c1a1c97116142f709fff881e20ec4b14f38eee6
sha256: eb2d78eff2b7f17c19b1acb6f9d53f1e804d73b22092f27c19060c6e9c174fc6
sha512: 1fde741256662d02479bb2c966c0b026f07001e429f70b03df80c337e60a03550ea7250aeb7005c016ae1ad22c1662f93544847b8c375d1a7cb2f35ae0dc417c
ssdeep: 1536:I3DtnPpXTGSEK2QmL57o5qDFBR4obWdQej:I3xpj8umt70q7ioCdz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F843AE076D52DA77CB719334097E7B4623FFEBB1CAE19A4F08D929E67452C2038D2249
sha3_384: 1df3a00c9889e7a81352e89b9f265d567c4f28fe1afe7cd4891a6bbf4f66705477bba45cafc82272dbfd4fc2dbb3c6ea
ep_bytes: bad3650000558bec83ec0c8135228940
timestamp: 2011-01-08 15:18:33

Version Info:

0: [No Data]

Trojan:Win32/Matsnu!A also known as:

Bkav: W32.Common.47239983
Lionic: Trojan.Win32.Generic.lw2f
Elastic: malicious (high confidence)
DrWeb: Trojan.Matsnu.9
MicroWorld-eScan: Trojan.Generic.KD.611895
FireEye: Generic.mg.743161438bda2fa0
CAT-QuickHeal: Trojan.Zbot.100335
McAfee: PWS-Zbot.gen.azp
Cylance: Unsafe
VIPRE: Trojan.Generic.KD.611895
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0039ece11 )
Alibaba: Backdoor:Win32/Obfuscator.fdf942b2
K7GW: Trojan ( 0039ece11 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34606.dmW@aeWyzvhi
VirIT: Trojan.Win32.Cryptic.EBQ
Cyren: W32/Zbot.EZ.gen!Eldorado
Symantec: Packed.Generic.393
tehtris: Generic.Malware
ESET-NOD32: Win32/Trustezeb.A
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Inject.xzg
BitDefender: Trojan.Generic.KD.611895
NANO-Antivirus: Trojan.Win32.Matsnu.pwoeg
Avast: Win32:Kryptik-IPC [Trj]
Tencent: Win32.Backdoor.Inject.Afhh
Ad-Aware: Trojan.Generic.KD.611895
Sophos: ML/PE-A + Troj/Ransom-GB
Comodo: TrojWare.Win32.Kryptik.NEGB@4ri728
Zillya: Backdoor.Inject.Win32.6079
TrendMicro: TROJ_SPNR.30G112
McAfee-GW-Edition: BehavesLike.Win32.Packed.qc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Generic.KD.611895 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Generic.KD.611895
Webroot: W32.Suspicious.Heur
Google: Detected
Avira: TR/Rogue.KD.611895.1
Antiy-AVL: Trojan/Generic.ASMalwS.C0
Kingsoft: Win32.Hack.Inject.(kcloud)
ZoneAlarm: Backdoor.Win32.Inject.xzg
Microsoft: Trojan:Win32/Matsnu.gen!A
Cynet: Malicious (score: 100)
VBA32: BScope.TrojanPSW.Panda
ALYac: Trojan.Generic.KD.611895
MAX: malware (ai score=100)
Malwarebytes: Trojan.Agent
TrendMicro-HouseCall: TROJ_SPNR.30G112
Rising: Trojan.Kryptik!8.8 (TFE:1:CfQ0mEvMz9D)
Ikarus: Trojan-Ransom.Birele
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Poxter.A!tr
AVG: Win32:Kryptik-IPC [Trj]
Cybereason: malicious.38bda2
Panda: Trj/Xpacked.A

How to remove Trojan:Win32/Matsnu!A?

Trojan:Win32/Matsnu!A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
