Malware

Should I remove “Doina.48991”?

Malware Removal

Doina.48991 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Doina.48991 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Doina.48991?

File Info:

name: 8DBF9ECAA2A685CB9982.mlw
path: /opt/CAPEv2/storage/binaries/402901181c0f5a29a7c3170e32b425e1d60173867facf4e72f926b3d2106bb7c
crc32: D6601D23
md5: 8dbf9ecaa2a685cb998247420c03a80f
sha1: 6985e3637d198fe6b47ce560109cd27ec8aea4fd
sha256: 402901181c0f5a29a7c3170e32b425e1d60173867facf4e72f926b3d2106bb7c
sha512: 6942ddb15b589b6167ec2db8840e6bae9822f394c98dc22a066613694eaa4db9ed560ae75feda984397cea025f8a9cf8c7bf46ef14abd9bc49b391fc5de6418e
ssdeep: 12288:SMrey90QU/hxJQ9/4i3nNG9V4hLko9E5XK0d70t1P2z6dn7czqR8B1BrnKG:0y58hxJ279koQKi0ttlJw9nnN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15DD41217B6ED8433D87847B019F602D30A36BD515B38935B674FAC6E1C72AB0A23136B
sha3_384: ee892e865c4a31fdddd838af0a503379524dddc01b2c138a5c6f9fe2592969f3c98e847016dd81c6222b0566b15e84d2
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Doina.48991 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen19.32857
FireEye: Generic.mg.8dbf9ecaa2a685cb
CAT-QuickHeal: Trojan.Amadey
ALYac: Gen:Variant.Doina.48991
Malwarebytes: Generic.Trojan.Injector.DDS
K7AntiVirus: Trojan-Downloader ( 0057994f1 )
K7GW: Trojan-Downloader ( 0057994f1 )
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/KillAV.KMEF-6536
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Packed.Disabler-9987080-0
Kaspersky: UDS:Trojan-Spy.Win32.Stealer.gen
NANO-Antivirus: Trojan.Win32.Nekark.jusmlw
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.MSIL.Agent.hg
VIPRE: Trojan.GenericKD.65331035
TrendMicro: Ransom.Win32.STOP.SMYXDBTB.hp
Trapmine: malicious.moderate.ml.score
SentinelOne: Static AI – Malicious SFX
GData: Win32.Trojan.PSE.1MQ6JJ9
Google: Detected
Avira: TR/AD.Nekark.pvdhm
Antiy-AVL: Trojan[Downloader]/Win32.Amadey
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
Microsoft: Trojan:Script/Phonzy.A!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!2A208E540D5A
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DBP23
Rising: Downloader.Amadey!8.125AC (TFE:5:yPwj9I12RHS)
Yandex: Trojan.Disabler!G6z7qDxyklM
Ikarus: Trojan-Downloader.Win32.Amadey
Fortinet: MSIL/Disabler.DR!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.aa2a68

How to remove Doina.48991?

Doina.48991 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment