Doina.35035 (file analysis)

Malware Removal

Doina.35035 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Doina.35035 virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the embedded pe malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Doina.35035?

File Info:

name: 15A72016F1521B797D85.mlw
path: /opt/CAPEv2/storage/binaries/cef39cb5e7780da64a7e6d665654569d0f84798b0430ca62fae100030a4d0839
crc32: 84EEC26C
md5: 15a72016f1521b797d8560d1ff4c1baa
sha1: ac783fb56ba9ace789bf4dadbfb73f402b7a77a3
sha256: cef39cb5e7780da64a7e6d665654569d0f84798b0430ca62fae100030a4d0839
sha512: 66883dd47a73e8e46ddb501ba1ab26dbad805506960673a84303d44d21357297569130192e9d19cf9ee5899f82826af7509ece83576bdb36cd53a8d6c38b9993
ssdeep: 12288:PsLIbUNRvcb1m3KVllw66JARyHQxLwUHXHpWXVMoW21bm98aAr:PsLIYrvC1OKfz6JAEHQxZpWFCKmWa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B3D48D32B6B19437C2B31B788DBBAB716439BF501E28464777E41E4C8F796503A0A397
sha3_384: 5fe30930804116bf5809b1a450c2fafc22421196a30a0257c09de22e69aae4995fd181e86c8f006dc99dddcdf0f1fe7f
ep_bytes: eb1066623a432b2b484f4f4b90e998d0
timestamp: 2010-08-01 13:58:26

Version Info:

CompanyName: Shenzhen QVOD Technology Co.,Ltd
FileDescription: QvodTerminal
FileVersion: 3.5.1.1
InternalName: QvodTerminal
LegalCopyright: Copyright(C) 2006-2009 QVOD
LegalTrademarks:
OriginalFilename: QvodTerminal.exe
ProductName: QvodTerminal
ProductVersion: 3, 5, 1, 11
Comments:
Translation: 0x0804 0x03a8

Doina.35035 also known as:

Lionic: Trojan.Win32.Mifeng.4!c
AVG: Win32:Downloader-FET [Trj]
MicroWorld-eScan: Gen:Variant.Doina.35035
FireEye: Gen:Variant.Doina.35035
Skyhigh: GenericRXMI-AV!15A72016F152
McAfee: GenericRXMI-AV!15A72016F152
Malwarebytes: Generic.Malware/Suspicious
Zillya: Trojan.Mifeng.Win32.126
Sangfor: Trojan.Win32.Clicker.Voos
K7AntiVirus: Spyware ( 00591bc71 )
Alibaba: TrojanClicker:Win32/Mifeng.5c4c239f
K7GW: Spyware ( 00591bc71 )
Cybereason: malicious.6f1521
VirIT: Trojan.Win32.Generic.AQUH
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanClicker.Delf.NWH
Cynet: Malicious (score: 99)
ClamAV: Win.Trojan.Mifeng-33
Kaspersky: Trojan-Clicker.Win32.Agent.cbro
BitDefender: Gen:Variant.Doina.35035
NANO-Antivirus: Trojan.Win32.Agent.cxxqok
Avast: Win32:Downloader-FET [Trj]
Rising: Trojan.Generic@AI.81 (RDMK:OXFK/e+KAZXR4mNxpPbktg)
TACHYON: Trojan-PWS/W32.WebGame.636928.B
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/PSW.Mifeng.GA
DrWeb: Trojan.DownLoader7.38287
VIPRE: Gen:Variant.Doina.35035
Emsisoft: Gen:Variant.Doina.35035 (B)
GData: Gen:Variant.Doina.35035
Jiangmin: Trojan/PSW.Mifeng.bp
Avira: TR/PSW.Mifeng.GA
Antiy-AVL: Trojan[Clicker]/Win32.Agent
Kingsoft: Win32.Troj.Unknown.a
Xcitium: Malware@#1th6pf2yqm8qp
Arcabit: Trojan.Doina.D88DB
ViRobot: Trojan.Win32.A.Clicker.636928
ZoneAlarm: Trojan-Clicker.Win32.Agent.cbro
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R52050
VBA32: TrojanClicker.Agent
ALYac: Gen:Variant.Doina.35035
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/CI.A
Tencent: Win32.Trojan.Agent.Ncnw
Yandex: Trojan.GenAsa!XdhFAfmahqo
Ikarus: not-a-virus:AdWare.Bibibey
MaxSecure: Trojan.Malware.2814246.susgen
Fortinet: W32/Mifeng.GA!tr.pws
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (D)
alibabacloud: Worm:Win/Delf.NWH

How to remove Doina.35035?

Doina.35035 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.