About “Doina.63197 (B)” infection

Doina.63197 (B) is flagged as malicious by a large number of antivirus engines (the detection names are listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Doina.63197 (B) virus do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was run:

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Doina.63197 (B)?

The sample presents itself as an Adobe component (Eula.exe in the version info below), but its Authenticode signature is invalid, so those strings say nothing about where the file actually came from. Identify it by the file hashes instead.

File Info:

name: 2DAA7440134FCA4194EA.mlw
path: /opt/CAPEv2/storage/binaries/c938bd13db64b8f964a7c32398957f0fae1b5ef91cc3bca640cc60917aace5c9
crc32: 38233A33
md5: 2daa7440134fca4194ea3850a48dc53e
sha1: 31ea0b71b26acee71fdf3f9f8a8fa4e7e5451f73
sha256: c938bd13db64b8f964a7c32398957f0fae1b5ef91cc3bca640cc60917aace5c9
sha512: 6a8009516026560644dad72ff7c27eed71434adae69cdd6fa2f4686d2bf7cc6e08be7c5d93c7ae52317e063b1ce9db96d35631e384542cca6023419ed876691f
ssdeep: 6144:4RWdDLzrf9jc53fN369GfUn8ivDj8vOZmD3RNO04SRGVLl:hdfzr1MfU8Mj8vmiNO1SRGJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19664E017378345B2C2E7037F8DE4B3A6D186A8788F386BE33359274F251416DCE9A649
sha3_384: 3c5095c29be0733b7cef250fdc408d0bfd7d7bd527f53bcdb0c72b4ce3048162e1fbbfdda28762e5f67c33cb7c2809d6
ep_bytes: e84af2ffffe949feffffff2588c14000
timestamp: 2016-12-24 02:02:55

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Eula display
FileVersion: 15.23.20053.211670
InternalName: Eula.exe
LegalCopyright: Copyright 2010-2017 Adobe Systems Incorporated. All rights reserved.
OriginalFilename: Eula.exe
ProductName: EULA
ProductVersion: 15.23.20053.211670
Translation: 0x0409 0x04e4
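As an added example (it is not part of the original page and is not GridinSoft's or CAPE's code), the following Python script checks a file against the indicators listed above. It matches the md5/sha256 hashes for an exact copy of the sample and, because a hash no longer matches once a sample is repacked or re-timestamped, also compares the 16 bytes at the PE32 entry point with the ep_bytes value from the File Info section. The PE reader is a minimal hand-written one (DOS header, COFF header, optional header, section table) so nothing beyond the standard library is needed. The function names, the "hash"/"ep_bytes"/"no_match" labels and the `make_test_pe()` helper are this example's own choices; the synthetic PE that helper builds exists only so the script can be exercised without the sample and is not the malware.

```python
"""Triage helper for the indicators on this page (added example; not code from
GridinSoft or CAPE).  Hashes and ep_bytes are copied from the File Info section;
everything built here for testing is synthetic and is not the sample."""
import hashlib
import struct
from typing import Optional

# Indicators copied from the File Info section above.
IOC_MD5 = "2daa7440134fca4194ea3850a48dc53e"
IOC_SHA256 = "c938bd13db64b8f964a7c32398957f0fae1b5ef91cc3bca640cc60917aace5c9"
IOC_EP_BYTES = bytes.fromhex("e84af2ffffe949feffffff2588c14000")


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests, the same values a sandbox report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def entry_point_bytes(data: bytes, count: int = 16) -> Optional[bytes]:
    """Return `count` bytes at the PE32 entry point, or None when the input is
    not a PE32 image or the entry point RVA is not backed by any section."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
        # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
        _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # 0x10B = PE32, 0x20B = PE32+
            return None
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        sections = opt + opt_size
        for i in range(nsec):
            # Section header fields at +8: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sections + 40 * i + 8)
            if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
                off = rawptr + (ep_rva - vaddr)
                chunk = data[off:off + count]
                return chunk if len(chunk) == count else None
        return None
    except struct.error:          # truncated or malformed headers
        return None


def classify(data: bytes) -> str:
    """'hash' for the exact sample, 'ep_bytes' when only the entry-point bytes
    match (e.g. a repacked or re-timestamped copy), otherwise 'no_match'."""
    h = file_hashes(data)
    if h["md5"] == IOC_MD5 or h["sha256"] == IOC_SHA256:
        return "hash"
    if entry_point_bytes(data) == IOC_EP_BYTES:
        return "ep_bytes"
    return "no_match"


def make_test_pe(ep_code: bytes) -> bytes:
    """Build a minimal synthetic PE32 (one .text section at RVA 0x1000, file
    offset 0x200, which is also the entry point).  Constructed for testing
    only; it is not the sample described on this page."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)            # Section/FileAlignment
    text = struct.pack("<8sIIIIIIHHI", b".text", len(ep_code), 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text
    return headers.ljust(0x200, b"\0") + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, classify(blob), file_hashes(blob)["sha256"])
```

Pass one or more file paths on the command line. A hash match identifies this exact sample only; the entry-point match survives changes elsewhere in the file, but 16 bytes of code are weak evidence by themselves, so treat an "ep_bytes" result as a reason to run the file through a sandbox, not as a verdict.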

Doina.63197 (B) also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Doina.63197
FireEye: Generic.mg.2daa7440134fca41
Cybereason: malicious.1b26ac
BitDefenderTheta: Gen:NN.ZexaE.36662.su0@a0PRb0bi
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Patched.IP
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender: Gen:Variant.Doina.63197
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Variant.Doina.63197 (B)
VIPRE: Gen:Variant.Doina.63197
Trapmine: malicious.high.ml.score
Ikarus: Virus.Win32.CTX
GData: Gen:Variant.Doina.63197
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Win32.Patched
Arcabit: Trojan.Doina.DF6DD
ZoneAlarm: VHO:Trojan-Ransom.Win32.Convagent.gen
Microsoft: Trojan:Win32/Sabsik.RD.A!ml
Google: Detected
AhnLab-V3: Malware/Win.Generic.R603636
Cylance: unsafe
APEX: Malicious
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Doina.63197 (B)?

Doina.63197 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample drops a second binary and executes it (see the behaviour list above), check that the dropped file and its process have been quarantined as well, not only the original executable.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.