Doina.29529 (file analysis)

Malware Removal

Doina.29529 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What can the Doina.29529 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Creates a copy of itself
  • Attempts to disable Windows Error Reporting
  • Disables Windows firewall
  • Uses suspicious command line tools or Windows utilities

How to identify Doina.29529?

File Info:

name: D50C71361EA815462C2A.mlw
path: /opt/CAPEv2/storage/binaries/329954893db2172dbc549148b0e332454c0964660e7161956b0a9d17624ab514
crc32: 39A5EECC
md5: d50c71361ea815462c2a574a54cae6f1
sha1: 966c2142c44e45069d5891d577809e9271e2ff13
sha256: 329954893db2172dbc549148b0e332454c0964660e7161956b0a9d17624ab514
sha512: 0512c5aa38077076a4a162ff30f901445e1c29d499dc0eca1b127c404c9db7f741337cceb4e79d8d3ffbb67e6d0942c282ca91fa41f350cc6f30d3670081897b
ssdeep: 3072:BVqY2gD6dP5SFVQCNzE4CfEglmEpa8R7UwiUUWLPdsfCoHPtDaJf4pOH7W47RRsb:cgeEQSE7MHEPywiULozvtWJf6C7WKsT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1846412E85F417A1DE3D9B2B99807B36817D4097D7D0E61E3261F2C78C4952BCF606AA0
sha3_384: e09c806578cfae4360bdcc0f5720b5ee4f5ec7838e921f34ee1be057a62fbb58c8f8a73a06a02aa131710e4b8a9b2cc1
ep_bytes: 680bb34700e91000000096a46819b347
timestamp: 2022-06-01 07:06:51

Version Info:

0: [No Data]

Doina.29529 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.d50c71361ea81546
McAfee: BackDoor-EXZ
Malwarebytes: Malware.AI.3658373545
K7AntiVirus: Trojan ( 0052c8a31 )
BitDefender: Gen:Variant.Doina.29529
K7GW: Trojan ( 0052c8a31 )
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Agent.BWB
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
APEX: Malicious
ClamAV: Win.Dropper.Ramnit-7076132-0
Kaspersky: VHO:Backdoor.Win32.PcClient.gen
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan: Gen:Variant.Doina.29529
Avast: Win32:Evo-gen [Susp]
Ad-Aware: Gen:Variant.Doina.29529
Emsisoft: Gen:Variant.Doina.29529 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
VIPRE: Gen:Variant.Doina.29529
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/ResDro-B
Ikarus: Virus.Fat.Obfuscated
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=82)
Microsoft: Trojan:Win32/Sabsik.EN.B!ml
Arcabit: Trojan.Doina.D7359
ZoneAlarm: VHO:Backdoor.Win32.PcClient.gen
GData: Gen:Variant.Doina.29529
AhnLab-V3: Backdoor/Win.EXZ.C5036577
VBA32: BScope.Trojan.BtcMine
ALYac: Gen:Variant.Doina.29529
Cylance: Unsafe
Rising: Trojan.Generic@AI.100 (RDML:pPAsP9ENncCqAqrgS3ZHJQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Filecoder.FV!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34742.sqW@a8dEMTg
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.2c44e4

How to remove Doina.29529?

Doina.29529 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.