
About “Doina.38452” infection

Malware Removal

Doina.38452 is flagged as malicious by many antivirus vendors (see the detection list further down). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Doina.38452 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs observed in sandbox behavior.
  • Generates suspicious DNS queries indicative of DNS tunneling
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
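One of the behaviors listed above is the generation of DNS queries that look like DNS tunneling. The script below is an added example of how such a heuristic can be run over a DNS query log; it is not code from this page, from GridinSoft or from the CAPE sandbox. The log line format, the constructed sample log, the assumed attacker zone `exfil-test.net`, the two-label zone split and the scoring thresholds are all assumptions chosen to illustrate the idea: a client that sends many distinct, long or high-entropy subdomain labels to one zone is treated as suspicious, while a zone with many short, low-entropy labels (a CDN, for instance) is not.

```python
"""Heuristic detector for DNS-tunneling-style query patterns.

Added example; not taken from the page, GridinSoft or CAPE.  The log format,
the sample log, the attacker zone and the thresholds are assumptions.
"""
import base64
import math
import random
import re
from collections import defaultdict

# Assumed log format, one query per line: "<timestamp> <client-ip> <qtype> <qname>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payload scores far above dictionary words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Split 'labels.zone.tld' into (subdomain, zone).  Assumes a two-label zone;
    production code should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (client, qtype, subdomain, zone) per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sub, zone = split_qname(m["qname"])
            yield m["client"], m["qtype"], sub, zone


def score_zones(text: str, min_unique=8, min_len=25.0, min_entropy=3.5):
    """Aggregate queries per (client, zone) and flag zones whose subdomains look like
    encoded payload: many distinct labels that are long or high-entropy."""
    stats = defaultdict(lambda: {"subs": set(), "txt": 0, "total": 0})
    for client, qtype, sub, zone in parse_log(text):
        s = stats[(client, zone)]
        s["total"] += 1
        if qtype in ("TXT", "NULL", "CNAME"):  # record types commonly abused for downstream data
            s["txt"] += 1
        if sub:
            s["subs"].add(sub)  # a set, so replayed queries do not inflate the count
    findings = {}
    for key, s in stats.items():
        subs = s["subs"]
        if not subs:
            continue
        mean_len = sum(len(x) for x in subs) / len(subs)
        mean_ent = sum(shannon_entropy(x.replace(".", "")) for x in subs) / len(subs)
        findings[key] = {
            "unique_subdomains": len(subs),
            "mean_len": round(mean_len, 1),
            "mean_entropy": round(mean_ent, 2),
            "txt_ratio": round(s["txt"] / s["total"], 2),
            "suspicious": len(subs) >= min_unique and (mean_len >= min_len or mean_ent >= min_entropy),
        }
    return findings


def suspicious_zones(text: str, **thresholds):
    """Sorted list of zones flagged by score_zones()."""
    return sorted({zone for (_, zone), f in score_zones(text, **thresholds).items() if f["suspicious"]})


def build_sample_log() -> str:
    """Constructed sample: benign traffic plus ten base32-encoded chunks sent as
    subdomains of the assumed attacker zone.  Deterministic via a fixed seed."""
    rng = random.Random(38452)
    lines = ["2022-01-02T07:50:00Z 10.0.0.5 A www.example.com",
             "2022-01-02T07:50:00Z 10.0.0.5 A www.example.com"]  # duplicate on purpose
    lines += [f"2022-01-02T07:50:{i:02d}Z 10.0.0.5 A cdn{i}.benign.org" for i in range(1, 10)]
    for i in range(10):
        chunk = bytes(rng.getrandbits(8) for _ in range(24))
        label = base64.b32encode(chunk).decode().rstrip("=").lower()
        lines.append(f"2022-01-02T07:51:{i:02d}Z 10.0.0.5 TXT {label}.exfil-test.net")
    lines.append("garbage line that does not parse")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for (client, zone), f in sorted(score_zones(SAMPLE_LOG).items()):
        print(client, zone, f)
    print("flagged:", suspicious_zones(SAMPLE_LOG))
```

On the constructed log only `exfil-test.net` is flagged: `benign.org` has nine distinct labels but they are four characters long with about two bits of entropy each, so it stays below both thresholds. Tune `min_unique`, `min_len` and `min_entropy` against your own baseline before relying on the result, and replace `split_qname()` with a Public Suffix List lookup for real traffic.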

How to identify Doina.38452?


File Info:

name: 3E444794874F9B0F06E1.mlw
path: /opt/CAPEv2/storage/binaries/a1975b64e96124a4f70c77af4a48fc2648581d7f0cf53a08796320346f818593
crc32: A861BCD6
md5: 3e444794874f9b0f06e192384122bc68
sha1: e0717d4172c063b92b570834b96261ed621a97bd
sha256: a1975b64e96124a4f70c77af4a48fc2648581d7f0cf53a08796320346f818593
sha512: cd266a4bc38cfd97f693ad81acd99abc589ae52c6ffed21b62b998c3d5062fc83c020c41a8f81138bd1d144829b5816189bb6598b78803321dc4d4d4056567b1
ssdeep: 6144:4f86ryphtQ7nHL0YzriWO7G24FZ5y31fc6plvcfM86v16cOFARiO:ooMnHgYzrXO7Ge1fc56BRiO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A3A4E515AA908072C772417FB4A3766EAA6174233F10CDFB62500ED75ED2FB269352CB
sha3_384: 3413debe151516daa9de688c36172cb890d3048e2b33289ac877bb7aa4103b9394f7bc9888819b14deaacac4f78ec247
ep_bytes: e8f23a0000e979feffff8bff558bec5d
timestamp: 2022-01-02 07:47:27
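The digests above are the reliable way to confirm that a file on disk is this exact sample, since the file name can be anything. The script below is an added example, not code from this page or from GridinSoft's product: it recomputes the CRC32, MD5, SHA-1, SHA-256 and SHA-512 of a file and compares them with the values listed under "File Info". ssdeep and TLSH are left out because they need third-party libraries. The function and constant names are my own choices.

```python
"""Check whether a file matches the Doina.38452 sample digests listed on the page.

Added example; not from the page or from GridinSoft.  Only stdlib hashes are
computed; ssdeep/TLSH fuzzy hashes would need extra libraries.
"""
import hashlib
import sys
import zlib

# Indicators copied from the "File Info" section of the page (hex, lowercase).
DOINA_38452_IOCS = {
    "crc32": "a861bcd6",
    "md5": "3e444794874f9b0f06e192384122bc68",
    "sha1": "e0717d4172c063b92b570834b96261ed621a97bd",
    "sha256": "a1975b64e96124a4f70c77af4a48fc2648581d7f0cf53a08796320346f818593",
    "sha512": "cd266a4bc38cfd97f693ad81acd99abc589ae52c6ffed21b62b998c3d5062fc8"
              "3c020c41a8f81138bd1d144829b5816189bb6598b78803321dc4d4d4056567b1",
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory blob for every algorithm in the IoC set."""
    out = {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return out


def digest_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all hashers so large binaries need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def match_iocs(digests: dict, iocs: dict = DOINA_38452_IOCS) -> dict:
    """Per-algorithm comparison with the IoC set; returns {algorithm: matched}."""
    return {algo: digests.get(algo, "").lower() == val.lower() for algo, val in iocs.items()}


def is_known_sample(digests: dict, iocs: dict = DOINA_38452_IOCS) -> bool:
    """True when the SHA-256 matches.  CRC32 and MD5 alone are weak evidence:
    collisions are cheap, so a lone match there should only prompt a closer look."""
    return match_iocs(digests, iocs)["sha256"]


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        d = digest_file(arg)
        verdict = "MATCH" if is_known_sample(d) else "no match"
        print(f"{arg}: {verdict}  sha256={d['sha256']}")
```

Run it as `python3 check_doina.py /path/to/suspect.exe`. A SHA-256 match identifies this exact binary; no match does not prove the file is clean, because a repacked or re-timestamped build of the same family will hash differently, which is what the fuzzy hashes (ssdeep, TLSH) in the File Info block are for.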

Version Info:

0: [No Data]

Doina.38452 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Gen:Variant.Doina.38452
FireEye: Generic.mg.3e444794874f9b0f
McAfee: GenericRXTF-DL!3E444794874F
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0054a11a1 )
K7GW: Trojan ( 0054a11a1 )
Cybereason: malicious.172c06
BitDefenderTheta: Gen:NN.ZexaF.34742.DuZ@aOH6@7gi
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Sfuzuan.AB
Kaspersky: HEUR:Backdoor.Win32.Gulpix.gen
BitDefender: Gen:Variant.Doina.38452
NANO-Antivirus: Trojan.Win32.Gulpix.jpckuq
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10d065fa
Ad-Aware: Gen:Variant.Doina.38452
Emsisoft: Gen:Variant.Doina.38452 (B)
DrWeb: Trojan.Siggen17.61104
Zillya: Trojan.Sfuzuan.Win32.736
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Sfuzuan
GData: Win32.Trojan.WinDownloader.A
Jiangmin: Backdoor.Gulpix.abo
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=84)
ZoneAlarm: HEUR:Backdoor.Win32.Gulpix.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5155271
Acronis: suspicious
VBA32: BScope.TrojanDownloader.Upatre
ALYac: Gen:Variant.Doina.38452
Malwarebytes: Malware.AI.2915880422
Avast: Win32:TrojanX-gen [Trj]
Rising: Trojan.Sfuzuan!1.DC08 (CLASSIC)
Yandex: Trojan.Sfuzuan!kRsfzNtiR5g
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Sfuzuan.AB!tr
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Doina.38452?

Doina.38452 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because this sample attempts to modify proxy settings, check afterwards that no unexpected proxy server is configured in the Windows Internet Options and in each browser.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
