Doina.31537 removal tips

Doina.31537 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Doina.31537 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Doina.31537?


File Info:

name: 16BB25CBB80C77FC1021.mlw
path: /opt/CAPEv2/storage/binaries/2d4a1b23afe3a89be828596e44e7ad49590073978035b265ff64ce8d5a46b045
crc32: A274B181
md5: 16bb25cbb80c77fc1021bab65ea1d12b
sha1: a2a88d227b151c3f5d54fdec5e3060db76f6fe0b
sha256: 2d4a1b23afe3a89be828596e44e7ad49590073978035b265ff64ce8d5a46b045
sha512: 09fd08b38fec39bb90c9536a56f8a3fa1147de50f2b3f764915b8245d9a49a21093e392320c9010acf1e4d39c4b1810a6bb04de7d806654421b8146766ad0875
ssdeep: 49152:+CVyjuA7R+QsOB2TcPUV0q1seuZiX4aiJ3OsjqrdZsHAIruShQF8v9g:+9R+QPlUVZ1GPaiJ7YZJAO69g
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T118D53321611EF8A7F0A285B77237A86E68C6F99002DDDE7E924F654B49F12F02F5140F
sha3_384: fd39a5e5e3c4f0b84817f6902e302b994b0312cf5696ad24002e5f0a0de750746acae14f67fbbbe8a8f93e1eb645989e
ep_bytes: 60be0090a5008dbe00809aff57eb0b90
timestamp: 2017-01-26 09:56:01

Version Info:

CompanyName: Cynet Ltd.
FileDescription: Cynet Scaner I386 .
FileVersion: 2.7.9.82
InternalName: CynetEPS.exe
LegalCopyright: Cynet
OriginalFilename: CynetEPS.exe
ProductName: Cynet Scaner
ProductVersion: 2.7.9.82
Translation: 0x0000 0x04b0

Doina.31537 also known as:

MicroWorld-eScan: Gen:Variant.Doina.31537
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
BitDefender: Gen:Variant.Doina.31537
Cybereason: malicious.bb80c7
APEX: Malicious
Avast: FileRepMalware
Rising: Ransom.Agent!8.6B7 (CLOUD)
Zillya: Trojan.AgentCRTD.Win32.11420
Emsisoft: Gen:Variant.Doina.31537 (B)
Jiangmin: Trojan.Agent.atfz
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Doina.31537
VBA32: BScope.Trojan.Occamy
TrendMicro-HouseCall: TROJ_GEN.R002H0CB222
Tencent: Win32.Trojan.Agent.Dzkl
MAX: malware (ai score=100)
Fortinet: W32/Agent.AAED!tr
Panda: Trj/CI.A

How to remove Doina.31537?

Doina.31537 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
