Malware

Doina.48991 removal tips

Malware Removal

The Doina.48991 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.48991 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Russian
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.48991?



File Info:

name: B6B6FA6DAC328E42D783.mlw
path: /opt/CAPEv2/storage/binaries/94617fe81cbcb72f91ed7a827468b9da11e0f7ef0a1296920ab7f55ba2afae71
crc32: A1C0CE78
md5: b6b6fa6dac328e42d783e1a444c7f5be
sha1: 8a0d870c1f6785592ad3df97e460d0b131bcea43
sha256: 94617fe81cbcb72f91ed7a827468b9da11e0f7ef0a1296920ab7f55ba2afae71
sha512: da1d13f67e267d730b8c6a6b8e2367c99f6c0e33aa170a7170744c7065cd40a780f50c6a1ee862a92b5cfccc97efe873f97338d438779daef62dfdeba91068f3
ssdeep: 12288:BMrFy90vnwZPLVPpHcP4K6MiqluHJS9SnfwFdNO1noxPyv6t6HUvZv1SsI:Eymw9jHcAK6Misw6Sn5n8PyytGWN1I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16E051207E6E88973E5B5677058F102C30A36BE919E34939B798F6D6A2C731B06631337
sha3_384: b8aa28ba9e24d8a2eab62c1abeb9373e382431b740a079c2aca81512129c70d479955b7c0db21564bca1cb8542ba1e5a
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32                                           
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Doina.48991 also known as:

Elasticmalicious (high confidence)
ClamAVWin.Packed.Disabler-9987080-0
FireEyeGeneric.mg.b6b6fa6dac328e42
CAT-QuickHealTrojan.MSIL
McAfeeArtemis!F3485715FE2D
MalwarebytesGeneric.Trojan.Injector.DDS
K7AntiVirusTrojan-Downloader ( 0057994f1 )
K7GWTrojan-Downloader ( 0057994f1 )
Cybereasonmalicious.dac328
CyrenW32/KillAV.KMEF-6536
SymantecML.Attribute.HighConfidence
ESET-NOD32multiple detections
APEXMalicious
CynetMalicious (score: 99)
KasperskyUDS:Trojan.Win32.Zenpak.gen
NANO-AntivirusTrojan.Win32.Disabler.junsud
SUPERAntiSpywareTrojan.Agent/Gen-Downloader
AvastWin32:TrojanX-gen [Trj]
TencentTrojan-Ransom.Win32.Stop.gen
BaiduMulti.Threats.InArchive
DrWebTrojan.Siggen19.32857
VIPRETrojan.GenericKD.65331035
TrendMicroTROJ_GEN.R002C0PBK23
McAfee-GW-EditionBehavesLike.Win32.Generic.cc
Trapminemalicious.high.ml.score
IkarusTrojan-Downloader.Win32.Amadey
GDataGeneric.Trojan.PSEB.WGPCII
AviraTR/Disabler.ocayi
Antiy-AVLTrojan[Downloader]/Win32.Amadey
XcitiumApplicUnwnt@#1ftfc2ja2g1dd
MicrosoftTrojan:Win32/Wacatac.B!ml
GoogleDetected
ALYacGen:Variant.Doina.48991
Cylanceunsafe
TrendMicro-HouseCallTROJ_GEN.R002C0PBK23
RisingDownloader.Amadey!8.125AC (TFE:5:HlAGNWrdXqP)
YandexTrojan.Disabler!G6z7qDxyklM
SentinelOneStatic AI – Malicious SFX
FortinetPossibleThreat
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Doina.48991?

Doina.48991 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment