Trojan

About “TrojanDownloader:Win32/Dofoil!pz” infection

Malware Removal

The TrojanDownloader:Win32/Dofoil!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Dofoil!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/Dofoil!pz?

File Info:

name: 26E9B53A0881CE5C745C.mlw
path: /opt/CAPEv2/storage/binaries/892c74bfe242900da18dfa939345ade1df7ad4a2fe178b50dbd6587889cff97c
crc32: 8AF6D6F9
md5: 26e9b53a0881ce5c745c7ab624ca3d1e
sha1: 8b08833a3015539ffcf9717892194b1b265f4413
sha256: 892c74bfe242900da18dfa939345ade1df7ad4a2fe178b50dbd6587889cff97c
sha512: ac555db385bedc0db31607e4d968b0426f03a82a960bd197c4bed443d804a55d7ce58ed145208d0e70d0163c7260a849a15e07ece210d9070673c04eccf2e578
ssdeep: 6144:ZCE6fmUQJ531nIUliViSZbLhaZfvMlLXICgc:z6MOUMBQf0ljWc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C84F927A489A2B6F4F34CB2164FA2B2A1715B301719D643B60CDF6AE7703D1A5243DF
sha3_384: dd6430b0f61d612122d985baba3aec1a0a78d416fdabb8bbc3c87c949177e4069a4a5d995c6e73aa2d4539991128acda
ep_bytes: e88a120000e950feffffcccccccc9055
timestamp: 1993-07-29 09:59:49

Version Info:

CompanyName: Microsoft Corporation
FileDescription: PANOSE(tm) Font Mapper
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: PANMAP
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: PANMAP.DLL
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

TrojanDownloader:Win32/Dofoil!pz also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.433908
ClamAV: Win.Trojan.Tinba-6169133-0
FireEye: Generic.mg.26e9b53a0881ce5c
CAT-QuickHeal: Backdoor.Hupigon.18637
Skyhigh: BehavesLike.Win32.Virut.fh
McAfee: GenericRXMP-SW!26E9B53A0881
Malwarebytes: Crypt.Trojan.Malicious.DDS
VIPRE: Gen:Variant.Zusy.433908
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Tinba.FS
Symantec: SMG.Heur!gen
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.DGEY
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Tinba.pef
BitDefender: Gen:Variant.Zusy.433908
NANO-Antivirus: Trojan.Win32.Tinba.erausx
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:Crypt-SAF [Trj]
Tencent: Trojan.Win32.Tinba.fa
Sophos: Mal/Vawtrak-H
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.DownLoader46.50608
TrendMicro: TROJ_TINBA.SMALY
Emsisoft: Gen:Variant.Zusy.433908 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.105SOSL
Jiangmin: Trojan.Generic.dsitt
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=80)
Antiy-AVL: GrayWare/Win32.Generic
Kingsoft: malware.kb.a.1000
Xcitium: TrojWare.Win32.Tinba.BE@6ujvp3
Arcabit: Trojan.Zusy.D69EF4
ZoneAlarm: HEUR:Trojan.Win32.Tinba.pef
Microsoft: TrojanDownloader:Win32/Dofoil!pz
Varist: W32/Agent.BGEW-7875
Acronis: suspicious
BitDefenderTheta: AI:Packer.A96FFF4F1F
ALYac: Gen:Variant.Zusy.433908
VBA32: Malware-Cryptor.Limpopo
Cylance: unsafe
Zoner: Trojan.Win32.71284
TrendMicro-HouseCall: TROJ_TINBA.SMALY
Rising: Spyware.Tinba!1.AE6E (CLASSIC)
Yandex: Trojan.GenAsa!a8Y7Wxsq32E
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Tinba.BE!tr
AVG: Win32:Crypt-SAF [Trj]
Cybereason: malicious.a30155
DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/Dofoil!pz?

TrojanDownloader:Win32/Dofoil!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.