About “Doina.69082” infection

Doina.69082 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Doina.69082 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Attempts to disable UAC
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Uses suspicious command line tools or Windows utilities

How to identify Doina.69082?

File Info:

name: D6B1B7CC0C97DE4309F8.mlw
path: /opt/CAPEv2/storage/binaries/805895a98cc61b605017ef5caca6d43973ecb8d1e5eec321076047d45af2d079
crc32: A8E45DF9
md5: d6b1b7cc0c97de4309f8965398208603
sha1: 9ee73f795ad05ad6cfd9e0786f4e9352620e9c23
sha256: 805895a98cc61b605017ef5caca6d43973ecb8d1e5eec321076047d45af2d079
sha512: 8555767994114568f4ea532c7c86cba076ab993c479d7b4300e133a7ae6011eb99d188ed0d8c8f8cd2c481ebfcdd8e3af64672e1c91756b4824f65027074122b
ssdeep: 12288:47T2R8gmG13hTyC4ixOzUpAS/VBpU7/0ZWfJx0byAL4fiT64yteAaT:4HRgmCeC7xyUqSNBpC0ohx0bygnxyM9T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T149D4234AF45391E0F8B84874445BA29926FA54CB85B279EC4DEFDBE810763F9323431B
sha3_384: a5c2ced85ab79e75aef959bb6dd6eb746d9568cb6154e60d12ce5c8ec4cd9353658b6df866db02b283f0b1d0df41070b
ep_bytes: 60be001043008dbe0000fdff57eb0b90
timestamp: 2015-01-06 00:36:08

Version Info:

0: [No Data]

Doina.69082 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.VirLock.4!c
DrWeb: Win32.VirLock.10
MicroWorld-eScan: Gen:Variant.Doina.69082
FireEye: Generic.mg.d6b1b7cc0c97de43
CAT-QuickHeal: Win95.SK
Skyhigh: BehavesLike.Win32.VirRansom.hc
ALYac: Gen:Variant.Doina.69082
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 005662d71 )
K7GW: Virus ( 005662d71 )
Cybereason: malicious.c0c97d
BitDefenderTheta: AI:Packer.E060438C1F
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Virlock.D
APEX: Malicious
Kaspersky: UDS:Trojan-Ransom.Win32.PolyRansom
BitDefender: Gen:Variant.Doina.69082
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:VirLock-B [Trj]
TACHYON: Virus/W32.VirRansom
Emsisoft: Gen:Variant.Doina.69082 (B)
Google: Detected
F-Secure: Trojan.TR/Crypt.XPACK.Gen
VIPRE: Gen:Variant.Doina.69082
Trapmine: malicious.high.ml.score
Sophos: W32/VirRnsm-C
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.ezwgz
Varist: W32/Virlock.N.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
Kingsoft: malware.kb.b.952
Microsoft: Virus:Win32/Nabucur.A
Arcabit: Trojan.Doina.D10DDA
GData: Gen:Variant.Doina.69082
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!D6B1B7CC0C97
MAX: malware (ai score=82)
VBA32: Win32.Trojan.Dropper.Heur
Malwarebytes: Generic.Malware.AI.DDS
Rising: Trojan.Generic@AI.100 (RDML:7VgOLaLfLKOMHf8DT8BHFQ)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Virlock.D
AVG: Win32:VirLock-B [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Doina.69082?

Doina.69082 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.