Doina.16617 (file analysis)

Malware Removal

Doina.16617 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Doina.16617 virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • An HTTP/S link was seen in a script or command line
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the MarkiRAT malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Doina.16617?

File Info:

name: BCD7C5EA17E6092823C9.mlw
path: /opt/CAPEv2/storage/binaries/36de831fd352831a22d08a5bc54542e1f3f58b3c1ac8649c7d37fa21adb63bf7
crc32: 7DAA4A61
md5: bcd7c5ea17e6092823c9ecf3c90947a1
sha1: 8fb773eafda49e77249b14d66f29924c98b35d63
sha256: 36de831fd352831a22d08a5bc54542e1f3f58b3c1ac8649c7d37fa21adb63bf7
sha512: 4a380d536c7c663da265d5532413aea3ddd5ba90d496964517776eedc7297d2b6495e733bac49aeb1e00fa931785757590afe31c833555b0f1655b83a14f38fe
ssdeep: 98304:RGtKGyrpS6V2XcDOQZxsiFPkAhS0lUd35:RmKRsDXcOiFPkAhS0i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B06BE703D00CCF2D52B82339AC9F679E2AF65700B6692CB5154BA4B2933E96DC1753B
sha3_384: aff500857e0d0286c80d86013b5ed6e1e57d7ce9e77f9e43d3e20fa1f2546038ecaabe753ed9d97138ccd5f0ab02d38b
ep_bytes: e8e70c0000e97afeffff3b0dc45f7500
timestamp: 2018-11-25 11:17:01

Version Info:

CompanyName: Microsoft
FileDescription: Host Service
FileVersion: 1.0.0.1
InternalName: Service.exe
LegalCopyright: Microsoft. All rights reserved.
OriginalFilename: mfcmklg.exe
ProductName: Host Service
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Doina.16617 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.16617
FireEye: Generic.mg.bcd7c5ea17e60928
Zillya: Trojan.Agent.Win32.1967223
K7AntiVirus: Trojan ( 0057e0221 )
BitDefender: Gen:Variant.Doina.16617
K7GW: Trojan ( 0057e0221 )
Arcabit: Trojan.Doina.D40E9
ESET-NOD32: a variant of Win32/Agent.UTH
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.Win32.Agentb.gen
Ad-Aware: Gen:Variant.Doina.16617
DrWeb: Trojan.MulDrop17.51519
VIPRE: Gen:Variant.Doina.16617
Emsisoft: Gen:Variant.Doina.16617 (B)
Jiangmin: Trojan.Agentb.jqd
Avira: TR/Agent.bccel
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.422
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Agentb.gen
GData: Gen:Variant.Doina.16617
Google: Detected
AhnLab-V3: Trojan/Win.Agent.R438936
ALYac: Gen:Variant.Doina.16617
Cylance: Unsafe
Panda: Trj/GdSda.A
Yandex: Trojan.Agentb!m+OB+MC4EKI
Ikarus: Trojan.Win32.Agent
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen

How to remove Doina.16617?

Doina.16617 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.