Categories: Malware

Doina.35035 (file analysis)

The Doina.35035 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.35035 virus can do?

Performs HTTP requests potentially not found in PCAP.
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
CAPE detected the embedded pe malware family
Attempts to modify proxy settings
Touches a file containing cookies, possibly for information gathering
Yara detections observed in process dumps, payloads or dropped files

How to determine Doina.35035?


File Info:
name: 15A72016F1521B797D85.mlwpath: /opt/CAPEv2/storage/binaries/cef39cb5e7780da64a7e6d665654569d0f84798b0430ca62fae100030a4d0839crc32: 84EEC26Cmd5: 15a72016f1521b797d8560d1ff4c1baasha1: ac783fb56ba9ace789bf4dadbfb73f402b7a77a3sha256: cef39cb5e7780da64a7e6d665654569d0f84798b0430ca62fae100030a4d0839sha512: 66883dd47a73e8e46ddb501ba1ab26dbad805506960673a84303d44d21357297569130192e9d19cf9ee5899f82826af7509ece83576bdb36cd53a8d6c38b9993ssdeep: 12288:PsLIbUNRvcb1m3KVllw66JARyHQxLwUHXHpWXVMoW21bm98aAr:PsLIYrvC1OKfz6JAEHQxZpWFCKmWatype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B3D48D32B6B19437C2B31B788DBBAB716439BF501E28464777E41E4C8F796503A0A397sha3_384: 5fe30930804116bf5809b1a450c2fafc22421196a30a0257c09de22e69aae4995fd181e86c8f006dc99dddcdf0f1fe7fep_bytes: eb1066623a432b2b484f4f4b90e998d0timestamp: 2010-08-01 13:58:26
Version Info:
CompanyName: Shenzhen QVOD Technology Co.,LtdFileDescription: QvodTerminalFileVersion: 3.5.1.1InternalName: QvodTerminalLegalCopyright: Copyright(C) 2006-2009 QVODLegalTrademarks: OriginalFilename: QvodTerminal.exe"ProductName: QvodTerminalProductVersion: 3, 5, 1, 11Comments: Translation: 0x0804 0x03a8

Doina.35035 also known as:

Lionic	Trojan.Win32.Mifeng.4!c
AVG	Win32:Downloader-FET [Trj]
MicroWorld-eScan	Gen:Variant.Doina.35035
FireEye	Gen:Variant.Doina.35035
Skyhigh	GenericRXMI-AV!15A72016F152
McAfee	GenericRXMI-AV!15A72016F152
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.Mifeng.Win32.126
Sangfor	Trojan.Win32.Clicker.Voos
K7AntiVirus	Spyware ( 00591bc71 )
Alibaba	TrojanClicker:Win32/Mifeng.5c4c239f
K7GW	Spyware ( 00591bc71 )
Cybereason	malicious.6f1521
VirIT	Trojan.Win32.Generic.AQUH
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanClicker.Delf.NWH
Cynet	Malicious (score: 99)
ClamAV	Win.Trojan.Mifeng-33
Kaspersky	Trojan-Clicker.Win32.Agent.cbro
BitDefender	Gen:Variant.Doina.35035
NANO-Antivirus	Trojan.Win32.Agent.cxxqok
Avast	Win32:Downloader-FET [Trj]
Rising	Trojan.Generic@AI.81 (RDMK:OXFK/e+KAZXR4mNxpPbktg)
TACHYON	Trojan-PWS/W32.WebGame.636928.B
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/PSW.Mifeng.GA
DrWeb	Trojan.DownLoader7.38287
VIPRE	Gen:Variant.Doina.35035
Emsisoft	Gen:Variant.Doina.35035 (B)
GData	Gen:Variant.Doina.35035
Jiangmin	Trojan/PSW.Mifeng.bp
Avira	TR/PSW.Mifeng.GA
Antiy-AVL	Trojan[Clicker]/Win32.Agent
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#1th6pf2yqm8qp
Arcabit	Trojan.Doina.D88DB
ViRobot	Trojan.Win32.A.Clicker.636928
ZoneAlarm	Trojan-Clicker.Win32.Agent.cbro
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win32.Agent.R52050
VBA32	TrojanClicker.Agent
ALYac	Gen:Variant.Doina.35035
MAX	malware (ai score=100)
Cylance	unsafe
Panda	Trj/CI.A
Tencent	Win32.Trojan.Agent.Ncnw
Yandex	Trojan.GenAsa!XdhFAfmahqo
Ikarus	not-a-virus:AdWare.Bibibey
MaxSecure	Trojan.Malware.2814246.susgen
Fortinet	W32/Mifeng.GA!tr.pws
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_60% (D)
alibabacloud	Worm:Win/Delf.NWH