Malware

Doina.63197 (file analysis)

Malware Removal

The Doina.63197 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Doina.63197 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Doina.63197?



File Info:

name: 54580BF4D931B7D46D17.mlw
path: /opt/CAPEv2/storage/binaries/7b9b615ee3bbc425f270a5123d575fb550be3ae2ad03a48541961f4a590d9a32
crc32: C36AD94A
md5: 54580bf4d931b7d46d170e13d4d29cc2
sha1: b798ccf65bfa934e92a4974d7cedf695b08f49aa
sha256: 7b9b615ee3bbc425f270a5123d575fb550be3ae2ad03a48541961f4a590d9a32
sha512: 17e0f35caf25f5eac74c4e5cbd4e1ffe7bb0df643308a864c5a19b234e81a67f003a26546b9511a021d299d2006a860fafbd37c2e4fc65c34588eafaeca323b7
ssdeep: 12288:aJ6ULaaeA9NdCawI4Txv9A6Jjd75byJ4ogI+YLOa6:aJ6BhmGawpT7A6dboRnOa6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B94E0B271C0D831C9267430A679CB602A737D7EE5E0844F67E83A7D3F766E1061968E
sha3_384: 3f07dbe0606790cbef134021d360701b53ccce07f289e4682f637b08cf13ca7ec606ec074ec69ef034c1263b5b031b19
ep_bytes: e80bbb0000e989feffff8bff558bec83
timestamp: 2019-12-11 02:53:14


Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 8.0.2410.7
Full Version: 1.8.0_241-b07
InternalName: javaw
LegalCopyright: Copyright © 2019
OriginalFilename: javaw.exe
ProductName: Java(TM) Platform SE 8
ProductVersion: 8.0.2410.7
Translation: 0x0000 0x04b0

Doina.63197 also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Doina.63197
FireEyeGeneric.mg.54580bf4d931b7d4
ALYacGen:Variant.Doina.63197
Cylanceunsafe
VIPREGen:Variant.Doina.63197
SangforTrojan.Win32.Save.a
Cybereasonmalicious.65bfa9
ESET-NOD32a variant of Win32/Patched.IP
APEXMalicious
KasperskyHEUR:Backdoor.Win32.Convagent.gen
BitDefenderGen:Variant.Doina.63197
NANO-AntivirusVirus.Win32.Gen-Crypt.ccnc
EmsisoftGen:Variant.Doina.63197 (B)
McAfee-GW-EditionBehavesLike.Win32.Generic.gc
GDataGen:Variant.Doina.63197
ArcabitTrojan.Doina.DF6DD
ZoneAlarmHEUR:Backdoor.Win32.Convagent.gen
MicrosoftTrojan:Win32/Wacatac.B!ml
AhnLab-V3Malware/Win.Generic.R603328
MAXmalware (ai score=87)
IkarusVirus.Win32.Expiro
BitDefenderThetaGen:NN.ZexaF.36662.Au0@aSHsgQk
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_90% (D)

How to remove Doina.63197?

Doina.63197 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment