What is “Backdoor:Win32/GwGirl.A”?

Backdoor:Win32/GwGirl.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/GwGirl.A virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Backdoor:Win32/GwGirl.A?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor:Win32/GwGirl.A also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.GWGirl.l8oZ
MicroWorld-eScan: Backdoor.Gwgirl.1.0.A
FireEye: Generic.mg.80bfde379978ae88
Skyhigh: BehavesLike.Win32.Dropper.fc
ALYac: Backdoor.Gwgirl.1.0.A
Malwarebytes: Malware.AI.4189289086
VIPRE: Backdoor.Gwgirl.1.0.A
Sangfor: Backdoor.Win32.Gwgirl.V78t
CrowdStrike: win/malicious_confidence_90% (D)
BitDefender: Backdoor.Gwgirl.1.0.A
K7GW: Trojan ( 7000000f1 )
K7AntiVirus: Trojan ( 7000000f1 )
Arcabit: Backdoor.Gwgirl.1.0.A
BitDefenderTheta: Gen:NN.ZelphiF.36792.uKXbayhOEyab
VirIT: Backdoor.Win32.GWG
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/GWGirl.10.A
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Backdoor.Win32.GWGirl.10
Alibaba: Backdoor:Win32/GWGirl.1d9f14c3
NANO-Antivirus: Trojan.Win32.GWGirl.dhlz
ViRobot: Backdoor.Win32.GWGirl_10.Client
Rising: Backdoor.GwGirl!8.4AC3 (TFE:5:MVu50jnsCSI)
Sophos: Mal/Generic-S
F-Secure: Backdoor.BDC/GWGirl.10.A
DrWeb: BackDoor.GWGirl.10
Zillya: Backdoor.GWGirl.Win32.31
TrendMicro: BKDR_GWG.A
Emsisoft: Backdoor.Gwgirl.1.0.A (B)
Ikarus: Backdoor.Win32.Way
Jiangmin: Backdoor/GWGirl.10
Varist: W32/Risk.VAJL-0597
Avira: BDC/GWGirl.10.A
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Backdoor]/Win32.GWGirl
Xcitium: Backdoor.Win32.GWGirl.10.A@1fqk
Microsoft: Backdoor:Win32/GwGirl.A
ZoneAlarm: Backdoor.Win32.GWGirl.10
GData: Backdoor.Gwgirl.1.0.A
Google: Detected
AhnLab-V3: Win-Trojan/GWGirl_v10.327680
McAfee: BackDoor-SP
DeepInstinct: MALICIOUS
VBA32: Backdoor.GWGirl
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: BKDR_GWG.A
Tencent: Win32.Backdoor.Gwgirl.Uwhl
Yandex: Backdoor.GWGirl!56Dv+jr59yM
MaxSecure: Trojan.Malware.1599819.susgen
Fortinet: W32/GWGirl.A!tr.bdr
AVG: Win32:Trojan-gen
Cybereason: malicious.77bf3f
Avast: Win32:Trojan-gen

How to remove Backdoor:Win32/GwGirl.A?

Backdoor:Win32/GwGirl.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
