
How to remove “Trojan.Win64.Donut.gew”?


Trojan.Win64.Donut.gew is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win64.Donut.gew virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan.Win64.Donut.gew?


File Info:

name: E08074A492F8A37DBD78.mlw
path: /opt/CAPEv2/storage/binaries/1b3a6c95d298ee5fda6abecde6254e165bce585fb4e7c2df71b62f249a029ba1
crc32: 7D3A387C
md5: e08074a492f8a37dbd7826f88b4f1144
sha1: 0ac40f0fc827329dd5a970eaf9acf12429ff2135
sha256: 1b3a6c95d298ee5fda6abecde6254e165bce585fb4e7c2df71b62f249a029ba1
sha512: 5e8d3b6cc8ccd5c0006ccdd7876e4c722b0f4a86820b0cc5c527eb93ebc7df4db0351c43d060ef423eb0c5aef52e1ff4f4a442bd2dbcff8146d3bd1725c1f614
ssdeep: 98304:lYMxDTOJse208dVUZ11GNEz9xKOri8u+h3s2HDhm+LRUw9DA2:mMxDTQsekVUZnoEz9xKoi893s2HDTRnb
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T14F3633596A9CB6EAEA8BF6B235BFC04BC6275343F2D68463D3B413FD161A0410D5F089
sha3_384: db83d9d6c4b72b5d2324ab32056a12ed8bf5b687f66a84a0829effce5f0226471d5b98f66955e301a7339dd87b594149
ep_bytes: eb080066230000000000505152535556
timestamp: 1970-01-01 00:00:00

Version Info:

CompanyName: Google Inc.
FileTitle: chrome.exe
FileDescription: Google Chrome
FileVersion: 70,0,3538,110
LegalCopyright: Copyright 2017 Google Inc. All rights reserved.
LegalTrademark:
ProductName: Google Chrome
ProductVersion: 70,0,3538,110
Translation: 0x0409 0x04b0

Trojan.Win64.Donut.gew also known as:

Lionic: Trojan.MSIL.Inject.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject4.21523
MicroWorld-eScan: Trojan.GenericKDZ.80635
FireEye: Generic.mg.e08074a492f8a37d
McAfee: Artemis!E08074A492F8
Cylance: Unsafe
Zillya: Trojan.Enigma.Win64.168
K7AntiVirus: Trojan ( 005823691 )
Alibaba: Trojan:Win64/Donut.08ab4b39
K7GW: Trojan ( 005823691 )
Cyren: W64/Enigma.CLIB-2337
Symantec: Trojan.Gen.6
ESET-NOD32: a variant of Win64/Packed.Enigma.BV
TrendMicro-HouseCall: TROJ_GEN.R011C0DL921
Paloalto: generic.ml
Kaspersky: Trojan.Win64.Donut.gew
BitDefender: Trojan.GenericKDZ.80635
Avast: Win64:Trojan-gen
Tencent: Win64.Trojan.Donut.Aihk
Ad-Aware: Trojan.GenericKDZ.80635
TrendMicro: TROJ_GEN.R011C0DL921
Emsisoft: Trojan.GenericKDZ.80635 (B)
Ikarus: Trojan.Win64.Enigma
GData: Trojan.GenericKDZ.80635
Avira: TR/Redcap.erwxp
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.34E802E
Gridinsoft: Ransom.Win64.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Trojan-gen.R457830
VBA32: Trojan.MSIL.Inject
ALYac: Trojan.GenericKDZ.80635
Malwarebytes: Trojan.MalPack.Themida
APEX: Malicious
Yandex: Trojan.Igent.bXcQFg.2
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win64:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan.Win64.Donut.gew?

Trojan.Win64.Donut.gew removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
