Categories: Malware

Win32/Injector.DOOQ (file analysis)

The Win32/Injector.DOOQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DOOQ virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Spoofs its process name and/or associated pathname to appear as a legitimate process
Creates a hidden or system file
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

nckyosl.ks.ua

How to determine Win32/Injector.DOOQ?


File Info:
crc32: 3F919775md5: a53040bc85b7a52fc9f0e917b75cd8abname: A53040BC85B7A52FC9F0E917B75CD8AB.mlwsha1: 66cfdbe81c2f6490aa0b8de55d8d41377be6f61csha256: dd68ddb0afa4a3c50e527a3fd558c79dc71771129a0a9533892957558d469890sha512: 6f5f88e24db0268baa7349584763a9ac9d485ed6e04be257a3610e70a6cc48d112ca2db1bf3a4aba125db86947012bdd88b17d077568212f235ee9b3bccc9017ssdeep: 6144:JR12jCBCP6EDJ/g18MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM:4sU6EDJ/gtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0LegalCopyright: stEllar InformaTIon SYStems ltd h vpn  InternalName: MegaweberFileVersion: 5.06.0006CompanyName: peerblOCK, llc    ProductName: uvnc BvBaProductVersion: 5.06.0006OriginalFilename: Megaweber.exe

Win32/Injector.DOOQ also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.um0@cOakdloi
FireEye	Generic.mg.a53040bc85b7a52f
McAfee	Packed-KK!A53040BC85B7
Cylance	Unsafe
Zillya	Trojan.naKocTb.Win32.511
Sangfor	Malware
K7AntiVirus	Trojan ( 0050d46c1 )
BitDefender	Gen:Heur.PonyStealer.um0@cOakdloi
K7GW	Trojan ( 0050d46c1 )
Cybereason	malicious.c85b7a
Cyren	W32/Gosys.C.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Agentb.inac
NANO-Antivirus	Trojan.Win32.NaKocTb.eowtmw
AegisLab	Trojan.Win32.naKocTb.4!c
Ad-Aware	Gen:Heur.PonyStealer.um0@cOakdloi
Emsisoft	Gen:Heur.PonyStealer.um0@cOakdloi (B)
Comodo	Malware@#29qmoqs9volww
F-Secure	Heuristic.HEUR/AGEN.1112815
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_HPFAREIT.SME
McAfee-GW-Edition	Packed-KK!A53040BC85B7
Sophos	ML/PE-A + Mal/FareitVB-I
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1112815
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.NaKocTb
Microsoft	VirTool:Win32/VBInject.OT!bit
Arcabit	Trojan.PonyStealer.E841CC
ZoneAlarm	Trojan.Win32.Agentb.inac
GData	Gen:Heur.PonyStealer.um0@cOakdloi
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/VBKrypt.RP.X1764
BitDefenderTheta	Gen:NN.ZevbaF.34804.um0@aOakdloi
ALYac	Gen:Heur.PonyStealer.um0@cOakdloi
VBA32	Backdoor.Androm
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Injector.DOOQ
TrendMicro-HouseCall	TSPY_HPFAREIT.SME
Yandex	Trojan.naKocTb!fwWBmuhFE54
Ikarus	Trojan.Win32.Injector
Fortinet	W32/GenKryptik.AFGL!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	Win32/Trojan.545