Malware

Doina.48214 malicious file

Malware Removal

The Doina.48214 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.48214 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Russian
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.48214?



File Info:

name: 62B428A4CAE7355C9258.mlw
path: /opt/CAPEv2/storage/binaries/e16b6fe8f2b1c1767dda6d502bcdfb706cacded7e357fe1c136b5333960d023e
crc32: B739DFD1
md5: 62b428a4cae7355c9258642fa82bed93
sha1: 7d49b6397b4b04dafdf7bb2dc368fba0d1f089a2
sha256: e16b6fe8f2b1c1767dda6d502bcdfb706cacded7e357fe1c136b5333960d023e
sha512: 0322c445380ecda14cc6de4b4a147ee9a8c37bc0dcede3af25cc0e5e189439dab7d13aa3db3371f21e3cc0fc39f51c5db5ca3e6fffc5036faf93ac318995cf8c
ssdeep: 12288:+MrGy90wGrODNmS1RdRhGxOAurr9IBHWW+QJITsx:0yfsS1RdKIAGqHWWF2TY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16FC4021BF6DC8172E9B557B01CF603C3063B7EA15A78839A234E6C4A09B3564B67173B
sha3_384: 8846b519483887915eb1c1d865aa66ef042370fd1316a1ce8552535ba0bc83f8ee560fb92b9cd5cc95f9a3f2a9b5a9ea
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32                                           
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Doina.48214 also known as:

Elasticmalicious (high confidence)
CynetMalicious (score: 99)
CAT-QuickHealTrojan.MSIL
McAfeeArtemis!21305A412B31
Cylanceunsafe
VIPRETrojan.GenericKD.65331035
K7AntiVirusTrojan-Downloader ( 0057994f1 )
K7GWTrojan-Downloader ( 0057994f1 )
CrowdStrikewin/malicious_confidence_60% (W)
CyrenW32/KillAV.KMEF-6536
SymantecML.Attribute.HighConfidence
ESET-NOD32multiple detections
APEXMalicious
ClamAVWin.Packed.Disabler-9987080-0
KasperskyVHO:Trojan-Ransom.Win32.Stop.gen
SUPERAntiSpywareTrojan.Agent/Gen-Crypt
AvastWin32:TrojanX-gen [Trj]
RisingDownloader.Amadey!8.125AC (TFE:5:HlAGNWrdXqP)
DrWebTrojan.Siggen19.32857
TrendMicroRansom.Win32.STOP.SMYXDBTB.hp
McAfee-GW-EditionBehavesLike.Win32.Generic.hc
Trapminesuspicious.low.ml.score
FireEyeGeneric.mg.62b428a4cae7355c
IkarusTrojan-Downloader.Win32.Amadey
AviraTR/AD.Nekark.vtrdi
Antiy-AVLTrojan[Downloader]/Win32.Amadey
MicrosoftTrojan:Win32/Wacatac.B!ml
GoogleDetected
ALYacGen:Variant.Doina.48214
MalwarebytesGeneric.Trojan.Injector.DDS
TrendMicro-HouseCallTROJ_GEN.R002C0PBP23
TencentTrojan.MSIL.Agent.hg
YandexTrojan.Disabler!G6z7qDxyklM
SentinelOneStatic AI – Suspicious SFX
FortinetMSIL/Disabler.DR!tr
AVGWin32:TrojanX-gen [Trj]
Cybereasonmalicious.4cae73

How to remove Doina.48214?

Doina.48214 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment