Categories: Malware

Doina.13306 malicious file

The Doina.13306 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.13306 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Installs itself for autorun at Windows startup
Uses suspicious command line tools or Windows utilities

How to determine Doina.13306?


File Info:
name: AD197A0459EB4973CB06.mlwpath: /opt/CAPEv2/storage/binaries/30a66276968987f2e27e7b77280d9fdf482e7f1c4dea6d59b860d93144eb6537crc32: 45C07652md5: ad197a0459eb4973cb06678b251137f8sha1: 04be8f90339b1afc383105531bda70df6848084dsha256: 30a66276968987f2e27e7b77280d9fdf482e7f1c4dea6d59b860d93144eb6537sha512: bad0231b60ae1a07b5dd181ea172ae20c2e7f297ab6ded00abcd5dbed4dace1be3b0b2a5042b51eb84f8bb55057d3501e979610b3b9aaaed5c48f5da677dfe8cssdeep: 3072:VkgiwjdmZtcCyPmGoY1YVSmOfw7TSjiHtEu1OpJAMp4UxOM:VriwjsyPmkYYmti+tF1OpJxrxFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C664D04778544DB7C99B807005A58B3B9F27B4A10B6086DFABBCEDAD2D324D09D3274Esha3_384: c267a738fb15556495a8d22dd96b2c4f3bbb51e202b5fde208b68ce229ebea8e3f46710d35bd23ff3af271e5645d8be6ep_bytes: 558bec6aff68e052400068362b400064timestamp: 2007-03-12 15:48:04
Version Info:
0: [No Data]

Doina.13306 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Doina.13306
FireEye	Generic.mg.ad197a0459eb4973
CAT-QuickHeal	Trojan.Skeeyah.9138
ALYac	Gen:Variant.Doina.13306
Cylance	Unsafe
Zillya	Trojan.Agent.Win32.968646
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Spyware ( 0055e3db1 )
K7GW	Spyware ( 0055e3db1 )
Cybereason	malicious.459eb4
Arcabit	Trojan.Doina.D33FA
Baidu	Win32.Trojan.Agent.ang
VirIT	Trojan.Win32.Agent.AFN
Cyren	W32/Agent.LZPK-3915
Symantec	W32.Xema.A!inf
ESET-NOD32	Win32/Spy.Agent.NDB
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Virut-175
Kaspersky	Trojan-Spy.Win32.Agent.afn
BitDefender	Gen:Variant.Doina.13306
NANO-Antivirus	Trojan.Win32.Agent.bcdoo
Avast	Win32:Virut [Inf]
Tencent	Malware.Win32.Gencirc.10b8a2fc
Ad-Aware	Gen:Variant.Doina.13306
Emsisoft	Gen:Variant.Doina.13306 (B)
Comodo	TrojWare.Win32.Spy.Agent.NDB@u88
DrWeb	BackDoor.Monsh
TrendMicro	Cryp_Virut-4
McAfee-GW-Edition	BehavesLike.Win32.Generic.ft
Sophos	ML/PE-A + Troj/Agent-FXF
SentinelOne	Static AI – Suspicious PE
Jiangmin	TrojanSpy.Agent.ozl
Avira	TR/Spy.Gen
Antiy-AVL	Trojan[Spy]/Win32.Agent
Microsoft	TrojanSpy:Win32/Agent
ViRobot	Trojan.Win32.Agent.40960.G
ZoneAlarm	Trojan-Spy.Win32.Agent.afn
GData	Gen:Variant.Doina.13306
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Shlnom
McAfee	GenericRXBL-GR!AD197A0459EB
MAX	malware (ai score=87)
VBA32	TrojanSpy.Agent
Malwarebytes	Spyware.Agent
TrendMicro-HouseCall	Cryp_Virut-4
Rising	Trojan.Mnless.lwk (RDMK:cmRtazoxK66d0h88UnhM50avJwje)
Yandex	Trojan.GenAsa!PpT/6ca0XyY
Ikarus	Trojan-Spy.Win32.Agent
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Agent.AFN!tr.spy
BitDefenderTheta	AI:Packer.C41726F31F
AVG	Win32:Virut [Inf]
Panda	W32/Agobot.D.worm
CrowdStrike	win/malicious_confidence_90% (W)