
Doina.10864 removal


Doina.10864 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Doina.10864 virus do?

  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Performs some HTTP requests
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Uses suspicious command line tools or Windows utilities

Related domains:

buketlist.xyz
apps.identrust.com
crl.identrust.com
x1.c.lencr.org
r3.o.lencr.org

How to identify Doina.10864?


File Info:

type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2019
InternalName: JacaPM.dll
FileVersion: 15.5.2.0
CompanyName: JacaPM.dll
ProductName: JacaPM.dll
ProductVersion: 15.5.2.0
FileDescription: JacaPM.dll
OriginalFilename: JacaPM.dll
Translation: 0x0409 0x04b0

Doina.10864 also known as:

Elastic: malicious (high confidence)
ALYac: Gen:Variant.Doina.10864
Zillya: Trojan.APosT.Win32.1831
K7GW: Spyware ( 0057a2251 )
K7AntiVirus: Spyware ( 0057a2251 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Spy.Agent.QCL
APEX: Malicious
Avast: Win32:SpywareX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.APosT.gen
BitDefender: Gen:Variant.Doina.10864
NANO-Antivirus: Trojan.Win32.APosT.itxzjs
MicroWorld-eScan: Gen:Variant.Doina.10864
Ad-Aware: Gen:Variant.Doina.10864
BitDefenderTheta: Gen:NN.ZedlaF.34796.Ru8@aSvVPdpi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.BadFile.bh
FireEye: Gen:Variant.Doina.10864
Emsisoft: Gen:Variant.Doina.10864 (B)
Avira: TR/AD.SatanProRansom.dbiga
Antiy-AVL: Trojan/Generic.ASMalwS.31EAA36
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Doina.D2A70
ZoneAlarm: HEUR:Trojan.Win32.APosT.gen
GData: Gen:Variant.Doina.10864
McAfee: Artemis!2A979E368E4F
MAX: malware (ai score=84)
VBA32: Trojan.APosT
Malwarebytes: Malware.AI.363869233
Panda: Trj/GdSda.A
Yandex: Trojan.APosT!IOoL60lyc/I
Fortinet: W32/APosT.QCL!tr
AVG: Win32:SpywareX-gen [Trj]

How to remove Doina.10864?

Doina.10864 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
