What is “Trojan.Win64.Donut.gfm”?

Trojan.Win64.Donut.gfm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win64.Donut.gfm virus do?

  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name, indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Trojan.Win64.Donut.gfm?


File Info:

name: 3F34BA4F49A3502FF691.mlw
path: /opt/CAPEv2/storage/binaries/43f02b70dca626753614cf06e9035d3d0f461575484b417e2523f0861693947c
type: PE32+ executable (GUI) x86-64, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan.Win64.Donut.gfm is also known as:

Lionic: Trojan.Win64.Donut.4!c
FireEye: Generic.mg.3f34ba4f49a3502f
McAfee: Artemis!3F34BA4F49A3
Cylance: Unsafe
Zillya: Trojan.VMProtect.Win64.8122
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005894081 )
Alibaba: Trojan:Win64/Donut.5f49dc0a
K7GW: Trojan ( 005894081 )
Cybereason: malicious.a85122
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/Packed.VMProtect.NG
TrendMicro-HouseCall: TROJ_GEN.R002H0CL921
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win64.Donut.gfm
Avast: Win64:Trojan-gen
Tencent: Win64.Trojan.Donut.Llrg
DrWeb: Trojan.Siggen16.76
McAfee-GW-Edition: BehavesLike.Win64.Backdoor.rc
SentinelOne: Static AI – Suspicious PE
Sophos: Mal/Generic-S
APEX: Malicious
GData: Win32.Packed.Kryptik.7GAUL4
Jiangmin: Trojan.Donut.wr
Avira: TR/Redcap.kklfr
Gridinsoft: Ransom.Win64.Sabsik.sa
Microsoft: Program:Win32/Uwamson.A!ml
AhnLab-V3: Malware/Win.Generic.C4817704
VBA32: Trojan.Win64.Donut
Ikarus: Packed.Win32.Crypt
Fortinet: W32/PossibleThreat
AVG: Win64:Trojan-gen

How to remove Trojan.Win64.Donut.gfm?

Trojan.Win64.Donut.gfm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
