Categories: Malware

Doina.40845 (file analysis)

The Doina.40845 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.40845 virus can do?

Sample contains Overlay data
Uses Windows utilities for basic functionality
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Disables Windows firewall
Touches a file containing cookies, possibly for information gathering
Clears web history
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.40845?


File Info:
name: 3202E6D7FB081E066544.mlwpath: /opt/CAPEv2/storage/binaries/6e6c5712b32386377eeab596fa83a9e668063160b9a52561df3555140d7fb7ebcrc32: 78451E8Cmd5: 3202e6d7fb081e066544a59b40e66197sha1: 2fac9d97fb2b96f96de7670ac4c4b960f3fee6aasha256: 6e6c5712b32386377eeab596fa83a9e668063160b9a52561df3555140d7fb7ebsha512: cc458dd9ed40e8610495f5b3e3263474d85bedd7500514fb2f66464b267321a6a08176af487730a939f497feb1d68286cd5a277ffc115f8075e8289a573a604fssdeep: 98304:bazo+78Wftj4puoeuaKhlrH9L7TRZ+ZHJtj/IcikcskwvOC+:ezo+wWftLoeghlpzX+ZHTgZwvktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D60633B3FBD98836F13736388C8066A91316FC19EC7DC51774C83A4D19B926A24A93D7sha3_384: d164b74d58379f6dc5780eea37e0dfcd4dbab6e80e95c2fa9e5a5322bae3f84117b68ec88df001f038dda0e1eb6bec8cep_bytes: 558becb9130000006a006a004975f951timestamp: 1992-06-19 22:22:17
Version Info:
FileVersion: 2.1.2.1FileDescription: Ftp系统核心服务ProductName: Ftp系统核心服务ProductVersion: 2.1.2.1CompanyName: Windows系统Ftp核心服务LegalCopyright: Windows系统Ftp核心服务 版权所有Comments: Ftp系统核心服务Translation: 0x0804 0x04b0

Doina.40845 also known as:

Bkav	W32.MoneroMinerAI.Trojan
Lionic	Trojan.Win32.EquationDrug.tphT
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Doina.40845
Cylance	unsafe
VIPRE	Gen:Variant.Doina.40845
Sangfor	Trojan.Win32.Agent.Vm77
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/EquationDrug.c56df83b
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.7fb2b9
Cyren	W32/Trojan.CLL.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.JIHAJWZ
APEX	Malicious
Kaspersky	Trojan.Win32.Eb.air
BitDefender	Gen:Variant.Doina.40845
NANO-Antivirus	Trojan.Win32.Eb.hhwnel
MicroWorld-eScan	Gen:Variant.Doina.40845
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.115a2e71
Emsisoft	Gen:Variant.Doina.40845 (B)
F-Secure	Trojan.TR/AD.EquationDrug.kjvwg
DrWeb	Trojan.DownLoader25.6485
Zillya	Trojan.SchoolGirl.Win32.86
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wc
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.3202e6d7fb081e06
Sophos	Mal/Generic-S
Ikarus	PUA.HackTool.Patcher
Jiangmin	Trojan.Qhost.it
Webroot	W32.Malware.Gen
Avira	TR/AD.EquationDrug.kjvwg
Microsoft	Trojan:Win32/Wacatac.B!ml
Xcitium	Malware@#2c7hgcei6ldu9
Arcabit	Trojan.Doina.D9F8D
ZoneAlarm	Trojan.Win32.Eb.air
GData	Gen:Variant.Doina.40845
Google	Detected
McAfee	Artemis!3202E6D7FB08
MAX	malware (ai score=100)
VBA32	Trojan.Win64.Miner
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/CI.A
Rising	Trojan.Generic@AI.100 (RDML:kNxSXzAWJ0lgtRSf3DLfYw)
Fortinet	W32/Eb.AIR!tr
BitDefenderTheta	Gen:NN.ZelphiF.36738.QJ3@aOt8DOab
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)