
Doina.2443 (file analysis)

Malware Removal

Doina.2443 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Doina.2443 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Doina.2443?

File Info:

name: 27C63CE90B820854916E.mlw
path: /opt/CAPEv2/storage/binaries/349ae70d421828c16d276770a40b35fa0dceb1e99ba1af7f6673a9eaf611d014
crc32: B989A19B
md5: 27c63ce90b820854916eac683989112e
sha1: b0ffa0acc3f85d1806a108b286b429a2bf4c9be0
sha256: 349ae70d421828c16d276770a40b35fa0dceb1e99ba1af7f6673a9eaf611d014
sha512: f5cbee7446cbc29174fe86c231566201157ba24a95a1a21b3dc73bf7e0d2c9fda0d6adfbe716cb32e5aad1c17a34d3523ee697dc45da055030f247cf9b26a95c
ssdeep: 98304:3+Z4Fxwebpa+LwvCzxbd4aPdAaWJTa03MWvpp:OeeoiadHmOw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T110F5E1D9E660713AE3CB9D3EA48972742D080DC96BC4466802D3F76E33B444E95CBB76
sha3_384: de40656d054ec56702f74531030da76e09830421c6a69292a10921059a7e6689545a4d21ec4e6348713f09b1fd9fad98
ep_bytes: 60be00d0c4008dbe00407bff5783cdff
timestamp: 2018-07-23 03:28:11

Version Info:

Comments:
CompanyName: 青枣网络科技有限公司.
FileDescription: 好图看看
FileVersion: 1.0.9.8
InternalName: HaoTuKanKan
LegalCopyright: (C) 青枣网络科技有限公司. All rights reserved.
LegalTrademarks: (C) 青枣网络科技有限公司 Corp. Ltd.
ProductName: 好图看看
ProductVersion: 1.0.9.8
Translation: 0x0804 0x04e4

Doina.2443 also known as:

Lionic: Riskware.Win32.ShandaAdd.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.2443
FireEye: Generic.mg.27c63ce90b820854
CAT-QuickHeal: Trojan.Shandaadd
McAfee: Artemis!27C63CE90B82
Cylance: Unsafe
Zillya: Adware.ShandaAdd.Win32.93
K7AntiVirus: Adware ( 004f6b251 )
Alibaba: AdWare:Win32/ShandaAdd.952059b9
K7GW: Adware ( 004f6b251 )
Cybereason: malicious.90b820
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Adware.ShandaAdd.F
TrendMicro-HouseCall: TROJ_GEN.R002H09L321
Paloalto: generic.ml
BitDefender: Gen:Variant.Doina.2443
Avast: Win32:Adware-gen [Adw]
Ad-Aware: Gen:Variant.Doina.2443
Emsisoft: Gen:Variant.Doina.2443 (B)
McAfee-GW-Edition: BehavesLike.Win32.AdwareIMonster.wc
Sophos: Generic PUA LA (PUA)
GData: Gen:Variant.Doina.2443
Avira: ADWARE/ShandaAdd.krmmw
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.2A1A938
Gridinsoft: Ransom.Win32.Wacatac.sa
ViRobot: Adware.Shandaadd.3449856
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.InstallMonster.R290066
Acronis: suspicious
ALYac: Gen:Variant.Doina.2443
Malwarebytes: PUP.Optional.HaoTuKanKan
APEX: Malicious
Yandex: PUA.ShandaAdd!OaBRtBA1jjk
eGambit: Unsafe.AI_Score_93%
Fortinet: Adware/ShandaAdd
AVG: Win32:Adware-gen [Adw]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Doina.2443?

Doina.2443 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
