Malware

Doina.48214 malicious file

Malware Removal

The Doina.48214 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.48214 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Russian
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.48214?



File Info:

name: B9641A33E20F2CA46DDB.mlw
path: /opt/CAPEv2/storage/binaries/3dbeff8ab97576a84f94785dca56709c848d472fc89983711ab674f90423792b
crc32: 442AA8F3
md5: b9641a33e20f2ca46ddbac600cdf97ea
sha1: 3a196fbc34c6638e617085d61a8232ad94556ec9
sha256: 3dbeff8ab97576a84f94785dca56709c848d472fc89983711ab674f90423792b
sha512: 0b9c5f9357045711e2a421a514a91cdc2db1db9fce09c438b6bc319bf3b8c3054bb77deb98b9dfa8303b1f2f55b1581245dd108da4db033138897abe5e7ab9f0
ssdeep: 12288:jMrBy90XgP9zQwXDJBdlPZqZbdQfZgBIOVjLn2ui2gcI+THQBbPzj:yyma9zXDHfCtl2ogXZbj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19405231797EC8062E5F1277029F703E32A32BD616A78875B174EAE1D19736A09530B3F
sha3_384: a4769ab26847d0658906151434b5d6869505870b06c5bb8c320bd79174ce1cadedc77f11e5d48860f5a313ebb471b11e
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32                                           
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Doina.48214 also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Babar.167435
ClamAVWin.Packed.Disabler-9987080-0
FireEyeGeneric.mg.b9641a33e20f2ca4
CAT-QuickHealTrojan.MSIL
McAfeePWS-FDON!7E93BACBBC33
MalwarebytesGeneric.Trojan.Injector.DDS
VIPRETrojan.GenericKD.65331035
K7AntiVirusTrojan-Downloader ( 0057994f1 )
K7GWTrojan-Downloader ( 0057994f1 )
Cybereasonmalicious.3e20f2
BaiduMulti.Threats.InArchive
CyrenW32/Agent.FRF.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32multiple detections
APEXMalicious
CynetMalicious (score: 99)
KasperskyHEUR:Trojan.MSIL.Agent.gen
NANO-AntivirusTrojan.Win32.Disabler.junsud
SUPERAntiSpywareTrojan.Agent/Gen-Downloader
AvastWin32:TrojanX-gen [Trj]
TencentTrojan-Ransom.Win32.Stop.gen
DrWebTrojan.Siggen19.32857
TrendMicroTROJ_GEN.R002C0PBK23
McAfee-GW-EditionBehavesLike.Win32.Generic.cc
Trapminemalicious.high.ml.score
SentinelOneStatic AI – Malicious SFX
GDataGeneric.Trojan.PSEB.WGPCII
AviraTR/Disabler.ocayi
Antiy-AVLTrojan[Downloader]/Win32.Amadey
XcitiumApplicUnwnt@#1ftfc2ja2g1dd
MicrosoftTrojan:Script/Phonzy.A!ml
GoogleDetected
ALYacGen:Variant.Doina.48214
TrendMicro-HouseCallTROJ_GEN.R002C0PBK23
RisingDownloader.Amadey!8.125AC (TFE:5:HlAGNWrdXqP)
YandexTrojan.Disabler!G6z7qDxyklM
IkarusWin32.Outbreak
FortinetPossibleThreat
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Doina.48214?

Doina.48214 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment