How to remove “Doina.25760 (B)”?

Doina.25760 (B) is flagged as malicious by numerous antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Doina.25760 (B) virus do?

The following behavioural signatures were raised when the sample was run in the CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Attempts to modify proxy settings

How to identify Doina.25760 (B)?

File Info:

name: B9016529B9EBF580190D.mlw
path: /opt/CAPEv2/storage/binaries/687b402015d8cdec9eeee7ed040e109fc0562b656fa09f36305d80ef1e7403cf
crc32: A32C6DB7
md5: b9016529b9ebf580190da1b3f3bdae9e
sha1: eaa532fc20cc43f24921f836bc872e5f944d3eeb
sha256: 687b402015d8cdec9eeee7ed040e109fc0562b656fa09f36305d80ef1e7403cf
sha512: 61b230d4654e6d4260c4229645d1677ac4ab7905912281c0588d618200fe5b230da45f6cd91045aaa8aa8c4007ef7c343f78ec3d53e76e29c7e34b61e2a7fe01
ssdeep: 98304:+Je3zWjfzUrNoSQja2pFA98nVFD4ULOp515wC0vY7PWY5Ccu3Zf2sBCaEsJkNFuc:+oSfoZolHCvr03qu2akCkxEzfIDSO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D3E533052B90800EE57F8EF47947D9F94B22B8590123060F337CFF5D69B89AA36A7791
sha3_384: c9c6273173f639fd9ce38319bcade15a646bcf5f3b757b2394444fec0cda0e663605961414a25a320328d198e7000805
ep_bytes: 60be00a04e008dbe0070f1ff5783cdff
timestamp: 2021-05-28 02:08:31
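The indicators above can be checked on a suspect file without any third-party tool. The script below is an added example, not code from the original page or from GridinSoft: it hashes a file and compares the result with the md5/sha1/sha256 published above, reads the PE section names (UPX leaves UPX0/UPX1, which is what "unknown PE section name indicative of packing" refers to), and looks at the bytes at the entry point. The listed ep_bytes (pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; or ebp, -1) are the standard UPX decompressor prologue for 32-bit PE files, which is consistent with the "compressed using UPX" signature. The PE images the script builds with build_sample_pe are constructed inline for the demonstration; they are not the real sample, and its hashes will therefore not match.

```python
"""Added example (not from the original page or GridinSoft): triage a file
against the indicators published above. The PE images it checks are
constructed inline for the demonstration; they are not the real sample."""
import hashlib
import struct

# Hashes copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "b9016529b9ebf580190da1b3f3bdae9e",
    "sha1": "eaa532fc20cc43f24921f836bc872e5f944d3eeb",
    "sha256": "687b402015d8cdec9eeee7ed040e109fc0562b656fa09f36305d80ef1e7403cf",
}
# ep_bytes from the page: pushad / mov esi,imm32 / lea edi,[esi+disp32] /
# push edi / or ebp,-1 is the standard UPX unpacking stub for 32-bit PE.
PAGE_EP_BYTES = bytes.fromhex("60be00a04e008dbe0070f1ff5783cdff")
UPX_STUB_HEAD = bytes.fromhex("60be")      # pushad; mov esi, ...
UPX_STUB_TAIL = bytes.fromhex("5783cdff")  # push edi; or ebp, -1


def file_hashes(data):
    """md5/sha1/sha256 of the file contents, keyed like the page's File Info."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def _pe_layout(data):
    """Locate the COFF header, optional header and section table of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    return num_sections, opt, opt + opt_size


def pe_sections(data):
    """Section names; UPX0/UPX1 (or any name a linker would not emit) hints at packing."""
    num_sections, _, table = _pe_layout(data)
    return [data[table + i * 40:table + i * 40 + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(num_sections)]


def pe_entry_bytes(data, count=16):
    """First `count` bytes at AddressOfEntryPoint, mapping the RVA to a file offset."""
    num_sections, opt, table = _pe_layout(data)
    ep_rva, = struct.unpack_from("<I", data, opt + 16)
    for i in range(num_sections):
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, table + i * 40 + 12)
        if va <= ep_rva < va + raw_size:
            off = raw_ptr + (ep_rva - va)
            return data[off:off + count]
    raise ValueError("entry point not backed by any section")


def triage(data):
    """Combine the page's indicators: known hash, UPX section names, UPX entry stub."""
    hashes = file_hashes(data)
    ep = pe_entry_bytes(data)
    return {
        "hash_match": any(hashes[k] == v for k, v in KNOWN_HASHES.items()),
        "upx_sections": any(n.startswith("UPX") for n in pe_sections(data)),
        "upx_stub": ep.startswith(UPX_STUB_HEAD) and ep[12:16] == UPX_STUB_TAIL,
        "exact_ep_match": ep == PAGE_EP_BYTES,
    }


def build_sample_pe(section_names, entry_code, entry_section):
    """Construct a minimal, non-executable PE32 image for exercising the checks above."""
    align = 0x200
    opt_size = 224  # size of a PE32 optional header
    num = len(section_names)
    headers_size = -(-(0x44 + 20 + opt_size + 40 * num) // align) * align
    buf = bytearray(headers_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)        # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, num, 0, 0, 0, opt_size, 0x102)
    opt, table = 0x44 + 20, 0x44 + 20 + opt_size
    struct.pack_into("<H", buf, opt, 0x10B)        # PE32 magic
    body, raw_ptr, va = [], headers_size, 0x1000
    for i, name in enumerate(section_names):
        content = (entry_code if i == entry_section else b"").ljust(align, b"\0")
        struct.pack_into("<8sIIII", buf, table + i * 40, name.encode(), len(content), va, len(content), raw_ptr)
        if i == entry_section:
            struct.pack_into("<I", buf, opt + 16, va)  # AddressOfEntryPoint
        body.append(content)
        raw_ptr += align
        va += 0x1000
    return bytes(buf) + b"".join(body)


if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1", ".rsrc"], PAGE_EP_BYTES, entry_section=1)
    print(triage(packed))
```

On a real file, call triage(open(path, "rb").read()). A hash match identifies exactly this sample; the UPX section names and entry stub are only packing indicators, since plenty of legitimate software is UPX-packed, so treat them as a reason to look closer rather than as a verdict on their own.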

Version Info:

FileVersion: 10.18.1.0
FileDescription: MySkin LOL
ProductName: MySkin
ProductVersion: 10.18.1.0
CompanyName: sky
LegalCopyright: Copyright owned by sky (original: sky的版权所有)
Comments: MySkin LOL
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified), code page 0x04b0 = Unicode)

Doina.25760 (B) also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.StartPage1.59770
MicroWorld-eScan: Gen:Variant.Doina.25760
FireEye: Generic.mg.b9016529b9ebf580
ALYac: Gen:Variant.Doina.25760
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2206009
K7AntiVirus: Adware ( 005071f51 )
K7GW: Adware ( 005071f51 )
Cybereason: malicious.9b9ebf
BitDefenderTheta: Gen:NN.ZexaF.34062.cpMfae64wzlb
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
ClamAV: Win.Malware.Bulz-9889678-0
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.Doina.25760
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Doina.25760
Sophos: Mal/Agent-AVP
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Emsisoft: Gen:Variant.Doina.25760 (B)
GData: Win32.Trojan.PSE.12FI8JT
Jiangmin: Trojan.Agent.dadc
eGambit: Unsafe.AI_Score_99%
Avira: TR/Spy.Gen3
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Arcabit: Trojan.Doina.D64A0
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R359832
Acronis: suspicious
McAfee: GenericRXAA-AA!B9016529B9EB
VBA32: BScope.Trojan.StartPage
Malwarebytes: Malware.AI.3289118052
APEX: Malicious
Yandex: Trojan.Agent!DmcWdOFIV+M
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Doina.25760 (B)?

Doina.25760 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.