{ "id": "b7d6308a-7b1f-4108-98eb-5c3d8c7b52a6", "created_at": "2026-04-06T00:11:55.241124Z", "updated_at": "2026-04-10T03:32:46.141996Z", "deleted_at": null, "sha1_hash": "6619749a97a4d67d795e58041d33a3e1605f7687", "title": "VirusTotal - File - 8c94a3cef4e45a1db05ae9723ce5f5ed66fc57316e9868f66c995ebee55f5117", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 63072, "plain_text": "SUMMARY DETECTION DETAILS RELATIONS BEHAVIOR COMMUNITY 4\r\nJoin our Community and enjoy additional community insights and crowdsourced detections, plus an\r\nAPI key to automate checks.\r\nPopular\r\nthreat\r\nlabel\r\ntrojan.doina/matadoor Threat categories trojan Family labels doina matadoor\r\nAhnLab-V3 Trojan/Win.Wacatac.C5520752\r\nAliCloud Trojan:Win/Wacapew.C9nj\r\nALYac Gen:Variant.Doina.61120\r\nArcabit Trojan.Doina.DEEC0\r\nArctic Wolf Unsafe\r\nAvast Win64:Malware-gen\r\nAVG Win64:Malware-gen\r\nBitDefender Gen:Variant.Doina.61120\r\nBkav Pro W64.AIDetectMalware\r\nCrowdStrike Falcon Win/malicious_confidence_100% (W)\r\nCTX Dll.trojan.matadoor\r\nCynet Malicious (score: 100)\r\nDeepInstinct MALICIOUS\r\nDrWeb Trojan.DownLoader45.63816\r\nElastic Malicious (high Confidence)\r\nEmsisoft Gen:Variant.Doina.61120 (B)\r\neScan Gen:Variant.Doina.61120\r\nFortinet W32/PossibleThreat\r\nGData Gen:Variant.Doina.61120\r\nGoogle Detected\r\nIkarus Trojan-Downloader.Win32.Generic\r\nJiangmin Trojan.Matadoor.e\r\nK7AntiVirus Trojan ( 005af3d41 )\r\nK7GW Trojan ( 005af3d41 )\r\nSecurity vendors' analysis Do you want to automate checks?\r\n8c94a3cef4e45a1db05ae9723ce5f5ed66fc5731 Sign in Sign up\r\nWe use cookies and related technologies to remember user preferences, for security, to\r\nanalyse our traffic, and to enable website functionality. Learn more about cookies in our\r\nPrivacy Notice. Ok\r\nhttps://www.virustotal.com/gui/file/8c94a3cef4e45a1db05ae9723ce5f5ed66fc57316e9868f66c995ebee55f5117/detection\r\nPage 1 of 3\n\nKaspersky Trojan.Win64.MataDoor.f\r\nLionic Trojan.Win32.Matadoor.4!c\r\nMalwarebytes Malware.AI.896675126\r\nMaxSecure Trojan.Malware.74007784.susgen\r\nMcAfee Scanner Ti!8C94A3CEF4E4\r\nMicrosoft Program:Win32/Wacapew.C!ml\r\nPanda Trj/Chgt.AD\r\nQuickHeal Trojan.Ghanarava.16910375873b458b\r\nRising Trojan.Zenpak!8.10372 (CLOUD)\r\nSangfor Engine Zero Trojan.Win64.Agent.V5r1\r\nSecureAge Malicious\r\nSophos Mal/Generic-S\r\nSymantec ML.Attribute.HighConfidence\r\nTrellix (ENS) Artemis!D8347CEB9018\r\nTrendMicro-HouseCall TROJ_GEN.R002H09DF25\r\nVarist W64/ABTrojan.QRNN-7253\r\nVIPRE Gen:Variant.Doina.61120\r\nViRobot Trojan.Win.Z.Matadoor.130560\r\nWithSecure Trojan:W32/Mata.A\r\nZillya Trojan.Matadoor.Win32.1\r\nAcronis (Static ML) Undetected\r\nAlibaba Undetected\r\nAntiy-AVL Undetected\r\nAvira (no cloud) Undetected\r\nBaidu Undetected\r\nClamAV Undetected\r\nCMC Undetected\r\nESET-NOD32 Undetected\r\nGridinsoft (no cloud) Undetected\r\nHuorong Undetected\r\nKingsoft Undetected\r\nNANO-Antivirus Undetected\r\nPalo Alto Networks Undetected\r\nSentinelOne (Static ML) Undetected\r\nSkyhigh (SWG) Undetected\r\nSUPERAntiSpyware Undetected\r\nTACHYON Undetected\r\nTEHTRIS Undetected\r\nSign in Sign up\r\nWe use cookies and related technologies to remember user preferences, for security, to\r\nanalyse our traffic, and to enable website functionality. Learn more about cookies in our\r\nPrivacy Notice. Ok\r\nhttps://www.virustotal.com/gui/file/8c94a3cef4e45a1db05ae9723ce5f5ed66fc57316e9868f66c995ebee55f5117/detection\r\nPage 2 of 3\n\nTencent Undetected\r\nTrapmine Undetected\r\nTrendMicro Undetected\r\nVBA32 Undetected\r\nVirIT Undetected\r\nWebroot Undetected\r\nXcitium Undetected\r\nYandex Undetected\r\nZoneAlarm by Check Point Undetected\r\nZoner Undetected\r\nAvast-Mobile Unable to process file type\r\nBitDefenderFalx Unable to process file type\r\nSymantec Mobile Insight Unable to process file type\r\nTrustlook Unable to process file type\r\nSign in Sign up\r\nWe use cookies and related technologies to remember user preferences, for security, to\r\nanalyse our traffic, and to enable website functionality. Learn more about cookies in our\r\nPrivacy Notice. Ok\r\nhttps://www.virustotal.com/gui/file/8c94a3cef4e45a1db05ae9723ce5f5ed66fc57316e9868f66c995ebee55f5117/detection\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.virustotal.com/gui/file/8c94a3cef4e45a1db05ae9723ce5f5ed66fc57316e9868f66c995ebee55f5117/detection" ], "report_names": [ "detection" ], "threat_actors": [ { "id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31", "created_at": "2023-01-06T13:46:38.376868Z", "updated_at": "2026-04-10T02:00:02.949077Z", "deleted_at": null, "main_name": "Cleaver", "aliases": [ "G0003", "Operation Cleaver", "Op Cleaver", "Tarh Andishan", "Alibaba", "TG-2889", "Cobalt Gypsy" ], "source_name": "MISPGALAXY:Cleaver", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434315, "ts_updated_at": 1775791966, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/6619749a97a4d67d795e58041d33a3e1605f7687.pdf", "text": "https://archive.orkl.eu/6619749a97a4d67d795e58041d33a3e1605f7687.txt", "img": "https://archive.orkl.eu/6619749a97a4d67d795e58041d33a3e1605f7687.jpg" } }