Malware

Doina.48991 removal guide

Malware Removal

The Doina.48991 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.48991 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Russian
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.48991?



File Info:

name: 7DF48A4EE961963ECE47.mlw
path: /opt/CAPEv2/storage/binaries/a3751d6b3494e934fa2a3f40469526f03da980deb823f00c30b290a608576aa8
crc32: C1DEE70E
md5: 7df48a4ee961963ece4763f424e5a751
sha1: 233491578c83f5a1f31c90c9f77e1cf283c2ea47
sha256: a3751d6b3494e934fa2a3f40469526f03da980deb823f00c30b290a608576aa8
sha512: fe2c989353ca225bbcce34d5c7579f342d4af1eb23f9081d86d74cdee5bf1ddbd66b128851500562af18d91eb05e361ed9bf5350ef427d64a1ce024705e94018
ssdeep: 12288:fMrpy90FTgBYrEGQ7pGQee0TQ1X/6xFpav28rHniZvJQOLJZKbhB7mVlcFqJ8My:Kyq8OO7H2T8gav3rHyv5tAn7mVl9Jm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FE05230BEAFDC972D8B553B015F613D309727D905A3882A7274AAD4E0C726B4E632377
sha3_384: 71d94fc9f2cee63dd7e2b70b063bebe77941384295292d29df98e71930b7d495ebf96b0d4bbb023ff86b652179b25ae1
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32                                           
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Doina.48991 also known as:

ClamAVWin.Packed.Disabler-9987080-0
FireEyeGeneric.mg.7df48a4ee961963e
CAT-QuickHealTrojan.MSIL
ALYacGen:Variant.Doina.48991
MalwarebytesGeneric.Trojan.Injector.DDS
VIPRETrojan.GenericKD.65331035
K7AntiVirusTrojan-Downloader ( 0057994f1 )
K7GWTrojan-Downloader ( 0057994f1 )
Cybereasonmalicious.ee9619
BaiduMulti.Threats.InArchive
CyrenW32/Agent.FRF.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32multiple detections
APEXMalicious
CynetMalicious (score: 99)
KasperskyVHO:Backdoor.MSIL.Agent.gen
NANO-AntivirusTrojan.Win32.Disabler.junsud
AvastWin32:TrojanX-gen [Trj]
TencentTrojan-Ransom.Win32.Stop.gen
DrWebTrojan.Siggen19.32857
TrendMicroTROJ_GEN.R002C0PBK23
McAfee-GW-EditionBehavesLike.Win32.Generic.cc
Trapminemalicious.high.ml.score
SentinelOneStatic AI – Malicious SFX
GDataGeneric.Trojan.PSEB.WGPCII
AviraTR/Disabler.ocayi
Antiy-AVLTrojan[Downloader]/Win32.Amadey
XcitiumApplicUnwnt@#1ftfc2ja2g1dd
SUPERAntiSpywareTrojan.Agent/Gen-Downloader
MicrosoftTrojan:Script/Phonzy.A!ml
GoogleDetected
McAfeeArtemis!7E93BACBBC33
Cylanceunsafe
TrendMicro-HouseCallTROJ_GEN.R002C0PBK23
RisingDownloader.Amadey!8.125AC (TFE:5:HlAGNWrdXqP)
IkarusTrojan-Downloader.Win32.Amadey
FortinetPossibleThreat
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Doina.48991?

Doina.48991 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment