Should I remove “Doina.30973”?

Doina.30973 is flagged as malicious by a large number of antivirus engines, several of which classify it as the SysJoker backdoor. While the infection is active you may notice unfamiliar processes in Task Manager, because the sample drops and executes a further binary and creates a copy of itself. In that case we advise scanning your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Doina.30973 virus do?

The items below are the behavioural signatures the CAPE sandbox raised when the sample was executed. Most of them concern anti-analysis tricks, in-memory unpacking and the dropping of further components:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself

How to identify Doina.30973?

Compare a suspicious file against the hashes and header fields below. Note that the version resource claims the file is a Microsoft ServiceHub CLR host, while the sandbox reports that its Authenticode signature is invalid; a Microsoft-branded binary that does not carry a valid Microsoft signature is itself a strong indicator.
File Info:

name: 9A7F0B64007CEDFA9AE2.mlw
path: /opt/CAPEv2/storage/binaries/36fed8ab1bf473714d6886b8dcfbcaa200a72997d50ea0225a90c28306b7670e
crc32: 113B2E2D
md5: 9a7f0b64007cedfa9ae20dd212892d73
sha1: 1e894ddc237b033b5b1dcf9b05d281ff0a053532
sha256: 36fed8ab1bf473714d6886b8dcfbcaa200a72997d50ea0225a90c28306b7670e
sha512: 117c40f7452a41a523e85a520aa96bef6616b586f24e6c4bf56e606f172bf33aef2cd857834320f6c215380783a2c08cbc427d30e168ce0f7996fe71cea72869
ssdeep: 12288:+2Vxr2M78xf9yAx1ZjnfuEo9ky2NjslY/V:+iKuRAx/by2Bsl4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T181848D21B542E032D4A101306F68EFB995BC6E354F6248DB77D44EB99E702D26A31F3B
sha3_384: a872e6543483405de1f8122b4144b7a80e33478f772bdbb19d5be957376a1cd331eacea0a576f5f8ff7d01cdf4d4ece8
ep_bytes: e81a050000e97afeffff558bec81ec24
timestamp: 2021-04-05 21:27:52

Version Info:

Comments: Microsoft Service Hub x86 CLR host
CompanyName: Microsoft
FileDescription: ServiceHub.Host.CLR.x86
FileVersion: 2.3.88.5166
InternalName: ServiceHub.Host.CLR.x86.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ServiceHub.Host.CLR.x86.exe
ProductName: ServiceHub.Host.CLR.x86
ProductVersion: 2.3.88+g2e1465a763.RR
Assembly Version: 2.0.0.0
Translation: 0x0000 0x04b0
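The following script is an added example, not code from GridinSoft or from the CAPE report, showing how a responder can reproduce the File Info fields above on a file of their own: it computes the same digest set (ssdeep and tlsh are omitted because they need third-party modules), reads the COFF compile timestamp, the 16 entry-point bytes and the machine type, and flags two static indicators related to the behaviour list: sections mapped readable, writable and executable (a static analogue of the sandbox's runtime "Creates RWX memory" signature, not the same check) and the absence of an Authenticode certificate table. Presence of that table only says the file carries a signature; validating it requires `signtool verify` or PowerShell's `Get-AuthenticodeSignature`. `build_sample_pe` constructs a minimal stand-in PE32 so the script runs offline; it reuses the page's entry-point bytes and timestamp, but it is not the real sample, so its hashes do not match the page's IOCs.

```python
"""Static PE triage against the fields listed on this page (standard library only)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes copied from the page's File Info section for the Doina.30973 / SysJoker sample.
KNOWN_HASHES = {
    "md5": "9a7f0b64007cedfa9ae20dd212892d73",
    "sha1": "1e894ddc237b033b5b1dcf9b05d281ff0a053532",
    "sha256": "36fed8ab1bf473714d6886b8dcfbcaa200a72997d50ea0225a90c28306b7670e",
}

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Authenticode certificate table
MACHINE_NAMES = {0x14C: "Intel 80386", 0x8664: "x86-64"}


def hash_file(data: bytes) -> dict:
    """The digest set the page lists, minus ssdeep/tlsh."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, known: dict = KNOWN_HASHES) -> list:
    """Names of the known hashes this file matches (empty list = not this sample)."""
    digests = hash_file(data)
    return sorted(n for n, v in known.items() if digests.get(n) == v.lower())


def parse_pe(data: bytes) -> dict:
    """Header fields relevant to the page: type, timestamp, entry bytes, W+X sections, signature table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]         # AddressOfEntryPoint
    # Data directories begin at +96 (PE32) or +112 (PE32+); entry 4 locates the Authenticode blob.
    dirs = opt + (96 if magic == 0x10B else 112)
    _, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, ep_off = [], None
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), flags))
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - va)                      # map the entry RVA to a file offset
    rwx = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else "",
        "rwx_sections": [n for n, f in sections if f & rwx == rwx],
        # Presence only: a valid signature still has to be checked with signtool / Get-AuthenticodeSignature.
        "has_signature_table": sec_size > 0,
    }


def build_sample_pe(ep_bytes: bytes, timestamp: int, section_flags: int) -> bytes:
    """Constructed minimal PE32 (one section, no signature) used as offline input; not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes, all entries left zero
    raw_off = 64 + 4 + 20 + 224 + 40                             # headers + one section header
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(ep_bytes), 0x1000, 0x200, raw_off, 0, 0, 0, 0, section_flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    # Entry bytes and timestamp are the values the page reports; the container around them is constructed.
    sample = build_sample_pe(bytes.fromhex("e81a050000e97afeffff558bec81ec24"), 1617658072,
                             IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)
    print(parse_pe(sample))
    print("matches page IOCs:", matching_iocs(sample))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_pe` and `matching_iocs`; a non-empty result from `matching_iocs` means the file is byte-identical to the sample described here, while a match on `ep_bytes` and `timestamp` alone points at a repacked or patched variant and merits a sandbox run.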

Doina.30973 is also known under the following names (antivirus vendor: detection name); note that several engines classify it as the SysJoker backdoor:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Fileless.4!c
MicroWorld-eScan: Gen:Variant.Doina.30973
FireEye: Gen:Variant.Doina.30973
CAT-QuickHeal: Trojan.Sysjoker.S26457894
ALYac: Gen:Variant.Doina.30973
Cylance: Unsafe
VIPRE: Gen:Variant.Doina.30973
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: Backdoor:Win32/SysJoker.2562c97a
K7GW: Riskware ( 00584baa1 )
Symantec: Trojan Horse
Elastic: Windows.Trojan.SysJoker
ESET-NOD32: a variant of Win32/SysJoker.A
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.SysJoker-9936781-0
Kaspersky: HEUR:Trojan.Win32.Fileless.gen
BitDefender: Gen:Variant.Doina.30973
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Doina.30973
Sophos: Mal/Generic-S
DrWeb: BackDoor.SysJoker.1
Zillya: Trojan.Fileless.Win32.18
TrendMicro: Backdoor.Win32.SYSJOKER.B
McAfee-GW-Edition: BehavesLike.Win32.NetLoader.fh
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Doina.30973 (B)
GData: Gen:Variant.Doina.30973
Webroot: W32.Trojan.GenKD
Avira: TR/Redcap.dqrxo
Microsoft: Backdoor:Win32/SysJoker.A
Cynet: Malicious (score: 100)
McAfee: RDN/Generic BackDoor
MAX: malware (ai score=99)
VBA32: BScope.Trojan.Occamy
TrendMicro-HouseCall: Backdoor.Win32.SYSJOKER.B
Rising: Backdoor.SysJoker!1.DB63 (CLASSIC)
Ikarus: Trojan.Win32.Sysjoker
MaxSecure: Trojan.Malware.120209869.susgen
Fortinet: W32/Fileless!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.yu0@a4rhqZni
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Doina.30973?

Doina.30973 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.