Categories: Malware

Doina.33667 (B) removal

The Doina.33667 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.33667 (B) virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Attempts to connect to a dead IP:Port (7 unique times)
Network anomalies occured during the analysis.
Starts servers listening on 127.0.150.81:29002, 127.0.150.81:29003
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Doina.33667 (B)?


File Info:
name: C190A9185C0A3D320B04.mlwpath: /opt/CAPEv2/storage/binaries/3233809695dca55c27c0c9b5e69e0b712113bd75ca7700597b5c40d5284f4e5bcrc32: 2912FF7Fmd5: c190a9185c0a3d320b0456862474ee3fsha1: 38d36e601e3d5f2f65f866e21b3bb18f8b17f547sha256: 3233809695dca55c27c0c9b5e69e0b712113bd75ca7700597b5c40d5284f4e5bsha512: d9e4d11c596ed73cf70bdc695377dee3835fe5c7170189e2cac8b595e3da17492ad280d8df39ef8fc1b7cbd6d47f23e69a73e5822092a18de5ef9af3f392a347ssdeep: 98304:dhO4dc/0GiSycs5TE0zUMtozIxsyEUvCYljLav5g0AslJe2ud8EISLY9zv:dhw/khUMtcI5a2jLgfm7LY9zvtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18346AE02E751C276F9A310B65ABE576E643CAF311B05A4C7E3C42E6D4A712E23A37353sha3_384: 73cde9936ed736c5e66aa4323ff394afcd773e970d5fa8f8bee5c8d872a6d40150b00994038f21a5701fc63b1cdedd4cep_bytes: e8f3f30000e979feffff8bff558bec53timestamp: 2022-03-04 06:04:23
Version Info:
FileVersion: 1.0.0.3InternalName: Cloud ApplicationLegalCopyright: Copyright (C) 2021ProductName: Cloud ApplicationProductVersion: 1.0.0.3Translation: 0x0804 0x04b0

Doina.33667 (B) also known as:

Lionic	Trojan.Win32.Doina.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Doina.33667
ALYac	Gen:Variant.Doina.33667
Sangfor	Suspicious.Win32.Doina.33667
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
CrowdStrike	win/malicious_confidence_70% (W)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
BitDefender	Gen:Variant.Doina.33667
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Doina.33667
Emsisoft	Gen:Variant.Doina.33667 (B)
McAfee-GW-Edition	BehavesLike.Win32.Dropper.th
FireEye	Generic.mg.c190a9185c0a3d32
GData	Gen:Variant.Doina.33667
Jiangmin	TrojanDropper.Dapato.adhi
Avira	HEUR/AGEN.1242865
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.R474017
McAfee	GenericRXSU-NU!C190A9185C0A
VBA32	BScope.TrojanDropper.Dapato
Malwarebytes	Trojan.Crypt
TrendMicro-HouseCall	TROJ_GEN.R002H0CEA22
Rising	Hacktool.NetScanner!8.11513 (RDMK:cmRtazqYZGqaIRERqIL+SlY6ozUY)
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZexaF.34666.@B1@am3twRpj
AVG	Win32:TrojanX-gen [Trj]