Categories: Malware

Doina.58676 (file analysis)

The Doina.58676 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.58676 virus can do?

A file was accessed within the Public folder.
HTTPS urls from behavior.
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Attempts to modify proxy settings
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.58676?


File Info:
name: 1C4DB77738FFB3C2E078.mlwpath: /opt/CAPEv2/storage/binaries/ae95086632dfe12eedbe82a7253e84fec10b40a1021be8e2816ec2903887cb0ccrc32: 41E68C8Fmd5: 1c4db77738ffb3c2e07830e3af1bb10esha1: d9f2719de3f5b02f83f5a02a037faa9a53c23048sha256: ae95086632dfe12eedbe82a7253e84fec10b40a1021be8e2816ec2903887cb0csha512: c62058a6dd85da5dedbe6b3dfac767fcade498c7cb992f8bc30e78bb03b301de175add70494900f6fc91d1bbb740280448fc2b28c5a2140b09bcb65dcb9a3732ssdeep: 49152:OoCoEbVLNoEF4q6PiCCEJ6u51DagzQh+h6s0eTxdK/gfIoGo7HnOlqM:3EbVLNN4q6PgEJ6u51DagzQh8NfTx+Y+type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T180857E31369094BAC2323970975EB3F9F3BDA9704A79424727904F3D2A744D369287AFsha3_384: 30c18f1192b6b2f6299fd1936016989b210662cbfe96a5bcb66f1b5e91cf576ad9c9acd2a9d2e08fe762782e814281d2ep_bytes: e873a80000e989feffff8bff558bec53timestamp: 2023-05-13 11:22:36
Version Info:
FileVersion: 1.0.1.5ProductVersion: 1.0.1.5Translation: 0x0804 0x04b0

Doina.58676 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Agent.Y!c
MicroWorld-eScan	Gen:Variant.Doina.58676
FireEye	Generic.mg.1c4db77738ffb3c2
ALYac	Gen:Variant.Doina.58676
Cylance	unsafe
Sangfor	Downloader.Win32.Agent.Vhmw
K7AntiVirus	Trojan-Downloader ( 005a58d91 )
Alibaba	TrojanDownloader:Win32/DropperX.864ab0a4
K7GW	Trojan-Downloader ( 005a58d91 )
BitDefenderTheta	Gen:NN.ZexaE.36318.Sv0@a8nN9Ibj
Cyren	W32/ABRisk.WVKF-7838
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.GWV
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan-Dropper.Win32.Agent.gen
BitDefender	Gen:Variant.Doina.58676
Avast	Win32:DropperX-gen [Drp]
Tencent	Malware.Win32.Gencirc.11a09dbf
Emsisoft	Gen:Variant.Doina.58676 (B)
F-Secure	Trojan.TR/Dldr.Agent.poten
VIPRE	Gen:Variant.Doina.58676
TrendMicro	TROJ_GEN.R002C0XEQ23
McAfee-GW-Edition	BehavesLike.Win32.Dropper.th
Sophos	Mal/Generic-S
GData	Gen:Variant.Doina.58676
Avira	TR/Dldr.Agent.poten
Antiy-AVL	Trojan[Downloader]/Win32.Agent
Arcabit	Trojan.Doina.DE534
ZoneAlarm	HEUR:Trojan-Dropper.Win32.Agent.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5433456
McAfee	Artemis!1C4DB77738FF
MAX	malware (ai score=80)
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0XEQ23
Rising	Trojan.Generic@AI.93 (RDML:St+b0b/DxPVTmdFgZTJSyg)
Yandex	Trojan.DL.Agent!E/aK6AetqL0
MaxSecure	Trojan.Malware.12026031.susgen
Fortinet	W32/Agent.GWV!tr.dldr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)