What is “Backdoor:Win32/GraceWire.D!dha”?

Backdoor:Win32/GraceWire.D!dha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/GraceWire.D!dha virus do?

  • The binary contains an unknown PE section name, which is indicative of packing
  • The Authenticode signature is invalid
  • CAPE detected the “shellcode get eip” malware family
  • The binary file triggered a YARA rule
  • YARA detections were observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/GraceWire.D!dha?

File Info:

name: 56A4867B22BD6453F34B.mlw
path: /opt/CAPEv2/storage/binaries/41d63316a28bb5d205bdddc2b28b5c75bf4b4030fd1e59e2aa0fa6861b654bd1
crc32: 17B11B25
md5: 56a4867b22bd6453f34b4e2fa1864a98
sha1: 2cd1c40c956c1aafb99595e730423ce2b0a0284e
sha256: 41d63316a28bb5d205bdddc2b28b5c75bf4b4030fd1e59e2aa0fa6861b654bd1
sha512: f4eddc8d768716175b487d82ef331532860a41fdf0eafaf2217dd1c41cfc91fdb6522b5023518b2308096c854a0b1ef778ed996add6e01f236ef1cd06a84505e
ssdeep: 12288:jKMokyvDCqOfhurC9+vKXKsOgbdi2TyE4Ri251vXJFRFhepNL3p/u0DpPjkjBDZP:jKeybCqO0eJK/Ei2TyBRi251vXJFRFhe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115A4AE003351C9B2E1D141750AF8EEBE587C5AF02B6F88DBEBC98EAD55241E12B34B57
sha3_384: 022bfa170cf4c38411b0d9bad3266c36e9882c3bce928b0c0ba21af492765171d5473284d45f5d9c6309da69c4251951
ep_bytes: e8f3020000e98efeffff558beceb1fff
timestamp: 2017-11-20 18:54:59

Version Info:

0: [No Data]

Backdoor:Win32/GraceWire.D!dha also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.GFAO
FireEye: Generic.mg.56a4867b22bd6453
ALYac: Trojan.Agent.GFAO
Cylance: unsafe
Zillya: Trojan.RA.Win32.185
Sangfor: Backdoor.Win32.Flawedgrace.V79q
Alibaba: Backdoor:Win32/GraceWire.a993a33d
K7GW: Trojan ( 0050081e1 )
K7AntiVirus: Trojan ( 0050081e1 )
BitDefenderTheta: Gen:NN.ZexaF.36804.ByW@aq0ryThi
Symantec: Trojan.WatermWiper
ESET-NOD32: a variant of Win32/FlawedGrace.A
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
Kaspersky: HEUR:Backdoor.Win32.FlawedGrace.b.gen
BitDefender: Trojan.Agent.GFAO
NANO-Antivirus: Trojan.Win32.RAbased.fikypt
Tencent: Malware.Win32.Gencirc.10bf9ce3
Emsisoft: Trojan.Agent.GFAO (B)
F-Secure: Heuristic.HEUR/AGEN.1319251
DrWeb: BackDoor.Siggen2.2551
VIPRE: Trojan.Agent.GFAO
TrendMicro: TROJ_GEN.R002C0DAU24
Sophos: Generic Reputation PUA (PUA)
MAX: malware (ai score=80)
Jiangmin: AdWare.Generic.qljo
Google: Detected
Avira: HEUR/AGEN.1319251
Varist: W32/ABTrojan.WMYD-1826
Antiy-AVL: Trojan/Win32.RA-based
Kingsoft: malware.kb.a.999
Microsoft: Backdoor:Win32/GraceWire.D!dha
Arcabit: Trojan.Agent.GFAO
ZoneAlarm: HEUR:Backdoor.Win32.FlawedGrace.b.gen
GData: Trojan.Agent.GFAO
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.FlawedGrace.C2772624
McAfee: GenericRXAA-FA!56A4867B22BD
VBA32: Backdoor.FlawedGrace
Malwarebytes: Malware.AI.4144483519
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DAU24
Rising: Trojan.RA-based!8.80 (TFE:5:uJD1lmpRSzV)
Yandex: Trojan.GenAsa!LAjkqnLRyRM
Ikarus: Trojan.Win32.RA
MaxSecure: Trojan.Malware.74064600.susgen
Fortinet: W32/FlawedGrace.A!tr
AVG: Win32:BackdoorX-gen [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan.Win.UnkAgent

How to remove Backdoor:Win32/GraceWire.D!dha?

Backdoor:Win32/GraceWire.D!dha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.