
Trojan.Win64.Donut.hsg (file analysis)

Malware Removal

Trojan.Win64.Donut.hsg is flagged as malicious by a large number of security vendors (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win64.Donut.hsg virus do?

These are the static and behavioural signatures that the CAPEv2 sandbox raised for the sample. Read the two Authenticode entries together: the file carries a signature block, but that signature does not verify, so the signer it claims is not to be trusted.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Win64.Donut.hsg?

File Info:

name: 55E0B67A36BC4437FC75.mlw
path: /opt/CAPEv2/storage/binaries/51638d1e338197756a6bf4b00fec31029549391efcc2286975d2166423e689fa
crc32: 6484C967
md5: 55e0b67a36bc4437fc752f0f5fbde58a
sha1: 46104e92f0fb0d929fa12e573a5c705b5d417fd1
sha256: 51638d1e338197756a6bf4b00fec31029549391efcc2286975d2166423e689fa
sha512: 901db7e553b3bd6f063baf42f3572cb3d394dc0dd782f77ed78539c88aec983fe8584931d5a0cf436d42166bf8c9bddfb939fe5b15711bc5d3b98f0a4a8a9a8a
ssdeep: 98304:sqUYE5hpGmpJmdvjz7vFmHDrPr+aIYtnVcdTtkQixiqZ72:sQE5hphfmdvLtmHj+aPnVSaF2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E01633A07BE5D8F9F09431326CC4472137E6D52C576191CBDB80448AAC2B6C1E6FE6EB
sha3_384: 5292234a09fece6c4963b6e0fcccb4bc6fa574a80287a673fc241192059cf98c168a6854891d4df7cf652f5ce16976dc
ep_bytes: 558bec6aff6860a0410068506a410064
timestamp: 2012-01-21 00:49:04

Two things to keep in mind when matching on these fields. First, the detection name says Win64 but the file itself is a 32-bit PE32 image for Intel 80386, so do not filter on bitness when hunting for it. Second, the file was assembled with 7z SFX Constructor (see Version Info below), so the 2012 compile timestamp and the entry-point bytes belong to the pre-built 7-Zip self-extractor stub, not to this sample; the Builder line dates the actual assembly to 11/01/2022. Only the hashes identify this specific file.

Version Info:

CompanyName: ESET
LegalCopyright: Copyright (c) ESET, spol. s r.o. 1992-2021. All rights reserved.
LegalTrademarks: NOD, NOD32, AMON, ESET are registered trademarks of ESET.
ProductName: ESET Security
FileVersion: 10.24.13.0
OriginalFilename: Bootstrapper.exe
FileDescription: ESET Live Installer
InternalName: Bootstrapper.exe
ProductVersion: 15.0.5.0
Created: 7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Builder: lolsasha123zzz@gmail.com 22:36:19 11/01/2022
Translation: 0x0000 0x04b0

The version block impersonates ESET's Live Installer, but since the Authenticode signature is invalid the ESET branding carries no weight. The Created and Builder fields give the real tooling: a 7-Zip self-extracting archive put together with 7z SFX Constructor, which fits the ESET-NOD32 and Ikarus names (a BAT dropper) better than the "ESET Security" product name does.
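As an added example (not code from GridinSoft or from the CAPEv2 report), here is a small pure-Python checker that recovers from a PE's own headers the fields shown under File Info (format, machine, compile timestamp, entry-point bytes, whether a Security directory, i.e. an Authenticode blob, is attached) and compares a file against the sha256, ep_bytes and timestamp listed above. Only those three values come from the page; the KNOWN_SAMPLE dictionary, the build_sample_pe() fixture (a constructed minimal PE so the code runs offline without the malware), and the "exact"/"stub-only"/"none" verdict labels are assumptions of this example. It reports only whether a signature is present; verifying it is left to signtool or Get-AuthenticodeSignature, and it does not read the version resource.

```python
import datetime
import hashlib
import struct
import sys

# Values copied from the File Info block above; everything else here is an assumption.
KNOWN_SAMPLE = {
    "sha256": "51638d1e338197756a6bf4b00fec31029549391efcc2286975d2166423e689fa",
    "ep_bytes": "558bec6aff6860a0410068506a410064",
    "timestamp": "2012-01-21 00:49:04",
}
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}


def file_hashes(data):
    """The four digests File Info lists (ssdeep and tlsh need third-party libraries)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def _rva_to_offset(rva, sections):
    for _name, vsize, va, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    raise ValueError("RVA %#x is outside every section" % rva)


def pe_summary(data):
    """Parse the DOS, COFF and optional headers by hand; return what File Info shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    ep_rva, = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:
        fmt, datadir = "PE32", opt + 96       # 32-bit optional header
    elif magic == 0x20B:
        fmt, datadir = "PE32+", opt + 112     # 64-bit optional header
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    # Directory 4 (SECURITY) locates the attached WIN_CERTIFICATE / Authenticode blob;
    # presence is all we learn here, validity needs signtool or Get-AuthenticodeSignature.
    cert_off, cert_size = struct.unpack_from("<II", data, datadir + 4 * 8)
    sections, table = [], opt + opt_size
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rawsize, rawptr))
    ep_off = _rva_to_offset(ep_rva, sections)
    built = datetime.datetime.fromtimestamp(tstamp, tz=datetime.timezone.utc)
    return {
        "format": fmt,
        "machine": MACHINES.get(machine, "%#x" % machine),
        "timestamp": built.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_authenticode": cert_off != 0 and cert_size != 0,
    }


def check_indicators(data, known=KNOWN_SAMPLE):
    """A hash hit is definitive; ep_bytes plus timestamp only fingerprint the 7-Zip SFX
    stub the sample was built from, which benign self-extractors share ('stub-only')."""
    summary, hashes = pe_summary(data), file_hashes(data)
    hits = {
        "sha256": hashes["sha256"] == known["sha256"],
        "ep_bytes": summary["ep_bytes"] == known["ep_bytes"],
        "timestamp": summary["timestamp"] == known["timestamp"],
    }
    if hits["sha256"]:
        hits["verdict"] = "exact"
    elif hits["ep_bytes"] and hits["timestamp"]:
        hits["verdict"] = "stub-only"
    else:
        hits["verdict"] = "none"
    return hits


def build_sample_pe(timestamp, ep_bytes, with_signature):
    """Constructed fixture: a minimal one-section PE32 image, NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    opt_size = 0xE0
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    text_off, cert_off = 0x200, 0x400
    if with_signature:
        struct.pack_into("<II", opt, 96 + 4 * 8, cert_off, 8)  # SECURITY directory
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, text_off, 0, 0, 0, 0, 0x60000020)
    image = (bytes(dos) + coff + bytes(opt) + section).ljust(text_off, b"\0")
    image += ep_bytes.ljust(0x200, b"\xCC")
    return image + (b"\0" * 8 if with_signature else b"")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(
        1327106944, bytes.fromhex(KNOWN_SAMPLE["ep_bytes"]), True)
    print(pe_summary(blob), check_indicators(blob), sep="\n")
```

Run it with a path to print the summary and the indicator hits for that file; without arguments it runs on the constructed fixture, which reproduces the page's ep_bytes and timestamp but not its hashes, and so lands on the "stub-only" verdict. Treat "stub-only" as a prompt to look further (at the version resource and the archive contents), not as a detection: every self-extractor built from the same 7-Zip stub shares those two fields.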

Trojan.Win64.Donut.hsg also known as:

Lionic: Trojan.Win64.Donut.4!c
DrWeb: Trojan.Starter.8002
McAfee: Artemis!55E0B67A36BC
Sangfor: Trojan.Win64.Donut.hsg
K7AntiVirus: Trojan ( 0057d78e1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: BAT/TrojanDropper.Agent.NFZ
ClamAV: Win.Trojan.Coinminer-9835184-0
Kaspersky: Trojan.Win64.Donut.hsg
Avast: Win32:Trojan-gen
McAfee-GW-Edition: Artemis
Sophos: Mal/Generic-S
Ikarus: Trojan-Dropper.BAT.Agent
GData: Win32.Packed.Kryptik.95BXSG
Avira: TR/Drop.Agent.lhvhw
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win.Generic.C4518703
Malwarebytes: Trojan.Dropper
AVG: Win32:Trojan-gen

How to remove Trojan.Win64.Donut.hsg?

Trojan.Win64.Donut.hsg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
