Malware

What is “Doina.11672”?

Malware Removal

The Doina.11672 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.11672 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Doina.11672?



File Info:

name: F09122CBA6DEF83EED3D.mlw
path: /opt/CAPEv2/storage/binaries/6f7324645b8efb1b28a862549b901fac93260ce33e9e2e5aed14b1c2b26d41ab
crc32: AA6C0B2F
md5: f09122cba6def83eed3da137d9d16640
sha1: 59713854408542f18f22e3efdbf919c32805fc6a
sha256: 6f7324645b8efb1b28a862549b901fac93260ce33e9e2e5aed14b1c2b26d41ab
sha512: ebf54d51690c13c756efa036a2cef56824c55adc13123c1a67b18f0946a2932a1542a28a7f4d4a246bab901333d4438dace8f73c8a140a14bf925398b399a3b3
ssdeep: 6144:2LjUyQrDSxi2AWXeixEUBxummvyvEpWUK6bYTPK4x6f:mfQrDSxi22ixEUBxuhKcgM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19B34D00535D0C131C4A2E630DAE5CAA2DA7EB93302B6D4CBF7DC06699F606D12B7D792
sha3_384: b8d2281b402d308cd1140efb5225beea2490c365f04556b7a7c83e51913c558c87e7925056bf194f87cf1a3f38303612
ep_bytes: e81c390000e989feffff8bff558bec83
timestamp: 2013-01-27 12:46:40


Version Info:

CompanyName: PremiumDev Tech.
FileDescription: COM+ tools for AccessDB Package
FileVersion: 2.5.1.1
InternalName: compack
LegalCopyright: Copyright (C) 2005-2012 - PremiumDev Tech.
OriginalFilename: compack
ProductName: COM+ tools for AccessDB Package
ProductVersion: 2.5.1.1
Translation: 0x0009 0x04b0

Doina.11672 also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Doina.11672
FireEyeGeneric.mg.f09122cba6def83e
ALYacGen:Variant.Doina.11672
CylanceUnsafe
VIPRETrojan.Win32.Reveton.a (v)
SangforTrojan.Win32.ATDH.ed
K7AntiVirusTrojan ( 0055dd191 )
AlibabaTrojanPSW:Win32/Kryptik.aa11b935
K7GWTrojan ( 0055dd191 )
CrowdStrikewin/malicious_confidence_100% (W)
CyrenW32/Fareit.E.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.ATDH
APEXMalicious
AvastWin32:Malware-gen
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Doina.11672
NANO-AntivirusTrojan.Win32.Zbot.bsdkie
TencentWin32.Trojan.Generic.Ebpx
Ad-AwareGen:Variant.Doina.11672
SophosMal/Generic-R
ComodoMalware@#1r2u8oxh1qhql
DrWebTrojan.PWS.Panda.2401
ZillyaTrojan.Zbot.Win32.103236
TrendMicroTrojanSpy.Win32.ZBOT.CEI
McAfee-GW-EditionBehavesLike.Win32.Generic.dc
EmsisoftGen:Variant.Doina.11672 (B)
Paloaltogeneric.ml
GDataGen:Variant.Doina.11672
JiangminTrojanSpy.Zbot.cthp
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1206109
Antiy-AVLTrojan/Generic.ASMalwS.1FBC4B
KingsoftWin32.Troj.Zbot.in.(kcloud)
MicrosoftPWS:Win32/Zbot!CI
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Fareit.R67288
Acronissuspicious
McAfeePWS-Zbot-FALP!F09122CBA6DE
MAXmalware (ai score=100)
VBA32TrojanSpy.Zbot
TrendMicro-HouseCallTrojanSpy.Win32.ZBOT.CEI
RisingTrojan.Kryptik!8.8 (CLOUD)
YandexTrojan.GenAsa!JzuGDYjyHSA
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.GKUA!tr.ransom
BitDefenderThetaGen:NN.ZexaF.34212.pq0@aqjLGvbk
AVGWin32:Malware-gen
Cybereasonmalicious.ba6def
PandaGeneric Malware

How to remove Doina.11672?

Doina.11672 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment