About “Trojan:Win32/Doina!pz” infection

Trojan:Win32/Doina!pz is Microsoft's detection name for the sample analysed below: a 32-bit Windows DLL whose version information claims to be Adobe's AIDE.dll but whose Authenticode signature does not validate, and which most other vendors classify as a "Patched" or infected binary (see the detection names further down). Because it is a DLL it runs inside whatever process loads it rather than as a process of its own, so the visible symptom is usually a host process that behaves unexpectedly or spawns processes you do not recognise in Task Manager (the sandbox saw it drop and execute a binary). If you notice that, scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Doina!pz do?

These are the behaviours the CAPE sandbox flagged when it ran the sample described below:

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the “shellcode get eip” pattern (code that locates its own address at run time, as position-independent shellcode does)
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Doina!pz?

File Info:

name: 36A7FA2EFFC277C04186.mlw
path: /opt/CAPEv2/storage/binaries/08bd6d5f1231714d4f1217d3e653aa7eebe51f2415608cacb5b4903cf122fbd6
crc32: FD7748D3
md5: 36a7fa2effc277c04186ad83b9d094ed
sha1: 0785dfc5d746bf39dd70a9b95a953b7930cf38e6
sha256: 08bd6d5f1231714d4f1217d3e653aa7eebe51f2415608cacb5b4903cf122fbd6
sha512: 8d6b5e5da2c3161f2530159697595086e73831cf954f5ed4599b41921c075bb1bb642d69de99540b6f89ec58a6342ffffe43d1b29e084655c62176d9ea46fbca
ssdeep: 49152:aMxmYDjD1cHvKnz3RVkAYZilATwedGeY4w1JGEPHwTvXSKVqXzNEK:/Io3RVkAYklATwYWA/X9sNEK
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T136F59D50EAD36116E0AB00B0917F6F6AA9382B241318C5F7D7C4ED3878357D276B2B97
sha3_384: 26f381181f25c277ba7e1461d50e74ee6671ab2a200990562878d6fb6b5651443e683cc392b78ceaf8c7f6964a63d424
ep_bytes: 558bec837d0c017505e821030000ff75
timestamp: 2022-08-10 08:50:06

Version Info:

CompanyName: Adobe Inc
FileDescription: Adobe Image Decode Encode Library
FileVersion: 3.0.1.51515
InternalName: AIDE
LegalCopyright: Copyright 1987 Adobe Inc. All Rights Reserved.
LegalTrademarks: Adobe ®
OriginalFilename: AIDE.dll
ProductName: AIDE 2022/08/10-12:48:20
ProductVersion: 79.b1a0722
BuildDate: 2022/08/10-12:48:20
BuildVersion: 79.b1a0722
Encryption: 128 bit
BuildType: Release
BinType: 32
BuildID: 51515
AIDE_IPID:
Translation: 0x0409 0x04e4
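The indicators above are only useful if you can reproduce them against a file on disk. The script below is an added example, not GridinSoft's tool or anything from the original analysis: using only the Python standard library it recomputes the hashes, walks the PE header to read the COFF timestamp, the 16 bytes at the entry point and the section names, and reports which of the page's indicators the file matches. Because the real sample cannot be shipped with the page, `build_sample()` constructs a minimal stand-in PE32 DLL that carries only the page's timestamp and entry-point bytes plus one non-standard section name (an assumption for the demo); its hashes will, correctly, not match. The timestamp comparison assumes the page's value is UTC.

```python
"""Added triage script (not GridinSoft's tool): recompute the hashes listed
above, pull the COFF timestamp, entry-point bytes and section names out of
the PE header, and compare them with the page's indicators. Stdlib only."""
import hashlib
import json
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
PAGE_IOCS = {
    "md5": "36a7fa2effc277c04186ad83b9d094ed",
    "sha1": "0785dfc5d746bf39dd70a9b95a953b7930cf38e6",
    "sha256": "08bd6d5f1231714d4f1217d3e653aa7eebe51f2415608cacb5b4903cf122fbd6",
    "ep_bytes": "558bec837d0c017505e821030000ff75",
    "timestamp": "2022-08-10 08:50:06",   # assumed to be UTC
}

# Section names a stock MSVC link produces. Anything else is only a hint
# (the CAPE "unknown PE section name" heuristic), not proof of packing.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".tls", ".bss", ".crt", ".didat"}

IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk; raises ValueError on a non-PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, rawsize, rawptr))
    # Translate the entry-point RVA to a file offset via its containing section.
    ep_bytes = ""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = ep_rva - vaddr + rawptr
            ep_bytes = data[off:off + 16].hex()
            break
    names = [s[0] for s in sections]
    return {
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32": magic == PE32_MAGIC,
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
        "sections": names,
        "unknown_sections": [n for n in names if n.lower() not in COMMON_SECTIONS],
    }


def triage(data: bytes) -> dict:
    """Hashes plus header facts, and which of the page's indicators they match."""
    hashes = {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}
    pe = parse_pe(data)
    observed = {**hashes, "ep_bytes": pe["ep_bytes"], "timestamp": pe["timestamp"]}
    return {"hashes": hashes, "pe": pe,
            "matches": {k: observed[k] == v for k, v in PAGE_IOCS.items()}}


def build_sample() -> bytes:
    """Constructed stand-in for offline runs, NOT the real Doina!pz file: a
    minimal PE32 DLL carrying the page's timestamp and entry-point bytes plus
    one non-standard section name (".aide0" is made up for the demo)."""
    ts = int(datetime(2022, 8, 10, 8, 50, 6, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x2102)  # i386, 2 sections, DLL
    opt = struct.pack("<HBBIIIIIII", PE32_MAGIC, 14, 0, 0x200, 0x200, 0,
                      0x1010, 0x1000, 0x2000, 0x10000000)             # entry point RVA 0x1010
    opt += b"\0" * (224 - len(opt))

    def section(name, vaddr, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + coff + opt
               + section(b".text", 0x1000, 0x200, 0x60000020)
               + section(b".aide0", 0x2000, 0x400, 0xC0000040))
    headers += b"\0" * (0x200 - len(headers))
    text = b"\xCC" * 0x10 + bytes.fromhex(PAGE_IOCS["ep_bytes"])       # EP sits at .text+0x10
    text += b"\xCC" * (0x200 - len(text))
    return headers + text + b"\0" * 0x200


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python triage.py suspect.dll`; with no argument it triages the constructed stand-in. Read the `matches` output with the strength of each indicator in mind: the hashes identify this exact file, whereas the entry-point bytes are the ordinary MSVC `_DllMainCRTStartup` prologue (`push ebp; mov ebp,esp; cmp dword [ebp+0Ch],1; jne ...`) shared by countless benign 32-bit DLLs, and a COFF timestamp is trivially forged. A file that matches only the weak indicators is a candidate for closer analysis, not a confirmed hit.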

Trojan:Win32/Doina!pz is also known as (vendor: detection name). Note how often the names say Patched, Infected or Virus.*, which vendors use for a legitimate binary that has been modified in place, and that VBA32 labels the injected code as Meterpreter:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Senoval.n!c
AVG: Win32:Patched-AWW [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Mint.Zard.5
FireEye: Gen:Variant.Mint.Zard.5
Skyhigh: BehavesLike.Win32.Trojan.wh
ALYac: Gen:Variant.Mint.Zard.5
Cylance: unsafe
K7AntiVirus: Trojan ( 005ab4bf1 )
Alibaba: Trojan:Win32/Senoval.c78dd4da
K7GW: Trojan ( 005ab4bf1 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: Trojan.Gen.6
ESET-NOD32: a variant of Win32/Patched.NKM
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Mint.Zard.5
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Patched-AWW [Trj]
Sophos: W32/Patched-CD
F-Secure: Trojan.TR/Patched.Gen
VIPRE: Gen:Variant.Mint.Zard.5
Emsisoft: Gen:Variant.Mint.Zard.5 (B)
GData: Gen:Variant.Mint.Zard.5
Jiangmin: Trojan.Generic.hrksr
Varist: W32/Patched.GQ1.gen!Eldorado
Avira: TR/Patched.Gen
Antiy-AVL: Trojan/Win32.Patched
Kingsoft: Win32.Infected.AutoInfector.a
Arcabit: Trojan.Mint.Zard.5
ZoneAlarm: Virus.Win32.Senoval.a
Microsoft: Trojan:Win32/Doina!pz
Google: Detected
AhnLab-V3: Malware/Win.Generic.R604241
McAfee: Artemis!36A7FA2EFFC2
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Meterpreter
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@AI.100 (RDML:fCKeHBdoBHTfHCBqOZvQ0g)
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/Patched.IP!tr

How to remove Trojan:Win32/Doina!pz?

Trojan:Win32/Doina!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want, then click “Reset”.
  • Restart your computer.

Two caveats when cleaning this particular detection: the sandbox saw the DLL drop and execute a further binary, so make sure the scan covers the whole system and not just the folder where the DLL was found; and if the file really is a modified copy of a legitimate library, as the Patched/Infected names above suggest, quarantining it also removes that library, so expect to reinstall the application that shipped it.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.