Malware

About the “Doina.7734 (B)” infection

Malware Removal

Doina.7734 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Doina.7734 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Attempts to modify proxy settings

How to identify Doina.7734 (B)?

File Info:

name: 024F846AD245D8E149FA.mlw
path: /opt/CAPEv2/storage/binaries/d0cc969578fd7071a1d7d1eb84846854d1961d77a2bf282ab9fbdf73a549de23
crc32: EEEDEE77
md5: 024f846ad245d8e149fa52c74dd5966c
sha1: c34921244720f384bb79940de768e80955f60082
sha256: d0cc969578fd7071a1d7d1eb84846854d1961d77a2bf282ab9fbdf73a549de23
sha512: a090eb1f22a924ec8a72a16aba3ed6bc3fa4fd39e6fae4fb08264ea84dd1dceb20960b742f2df5c330d9c25b40cf38137d8763f0d2eb3059e17c7e40d732d1ad
ssdeep: 98304:jDeJwxVKo0rbRZG4+t7eYzRvBRk533VSX8:0wJ0hk4meYzRvBR0l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16706F201F3828072D7261A3008E6D7799A34BF461A21C7CBA7E4FE79AD73191973A35D
sha3_384: 18050c0773a7312654242162992ac8e74c37d827d66fdd35052b1dc3923a8d852afa4161117e930344d446f803638b94
ep_bytes: 558bec6aff68f8c176006864034b0064
timestamp: 2021-07-08 08:30:20

Version Info:

FileVersion: 10.18.1.0
FileDescription: MySkin LOL
ProductName: MySkin
ProductVersion: 10.18.1.0
CompanyName: sky
LegalCopyright: sky的版权所有
Comments: MySkin LOL
Translation: 0x0804 0x04b0

Doina.7734 (B) is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware1
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.StartPage1.59770
  • MicroWorld-eScan: Gen:Variant.Doina.7734
  • FireEye: Generic.mg.024f846ad245d8e1
  • ALYac: Gen:Variant.Doina.7734
  • Cylance: Unsafe
  • Zillya: Trojan.Bingoml.Win32.4808
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005246d51 )
  • Alibaba: Trojan:Win32/Bingoml.8bfa006a
  • K7GW: Trojan ( 005246d51 )
  • Cybereason: malicious.44720f
  • BitDefenderTheta: Gen:NN.ZexaF.34084.Ot2@aeP@lsgb
  • Cyren: W32/Trojan.CLL.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Bulz-9889678-0
  • Kaspersky: HEUR:Trojan.Win32.Bingoml.gen
  • BitDefender: Gen:Variant.Doina.7734
  • NANO-Antivirus: Trojan.Win32.Bingoml.ixktzi
  • Avast: Win32:MiscX-gen [PUP]
  • Ad-Aware: Gen:Variant.Doina.7734
  • Sophos: Mal/Agent-AVP
  • Comodo: Worm.Win32.Dropper.RA@1qraug
  • TrendMicro: TROJ_GEN.R003C0RL521
  • McAfee-GW-Edition: BehavesLike.Win32.Trojan.wc
  • Emsisoft: Gen:Variant.Doina.7734 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Bingoml.axd
  • Avira: TR/Spy.Gen3
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Win32.Trojan.PSE.12FI8JT
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R429599
  • Acronis: suspicious
  • McAfee: GenericRXAA-AA!024F846AD245
  • MAX: malware (ai score=82)
  • VBA32: BScope.Trojan.StartPage
  • Malwarebytes: Trojan.MalPack.FlyStudio
  • TrendMicro-HouseCall: TROJ_GEN.R003C0RL521
  • Yandex: Trojan.Bingoml!P/jznNdJyms
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/CoinMiner.65CA!tr
  • AVG: Win32:MiscX-gen [PUP]
  • Panda: Trj/GdSda.A

How to remove Doina.7734 (B)?

Doina.7734 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.