Backdoor:Win32/Winsec.C!dha malicious file

Backdoor:Win32/Winsec.C!dha is rated as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Winsec.C!dha virus do?

  • Possible date expiration check, exits too soon after checking local time
  • Authenticode signature is invalid

How to identify Backdoor:Win32/Winsec.C!dha?

File Info:

name: 2BFE0BF9F06BBE05B75D.mlw
path: /opt/CAPEv2/storage/binaries/cbb63d2773e1f468dd99a200753dcfc3cf76ac0c3529d819ee908e1f53507c7a
crc32: 1C5B8C2F
md5: 2bfe0bf9f06bbe05b75d8a5a0494cc3d
sha1: ad17f711f32da813440ca97e1d21cb2002b8300d
sha256: cbb63d2773e1f468dd99a200753dcfc3cf76ac0c3529d819ee908e1f53507c7a
sha512: cfc413335135ff607b42ab84d43de0112649c7d53fa8819aaf50d6e22442982a2180b6b62c99baa66213bd75ac60446d3b692d97848f554b5ecee6c000de089d
ssdeep: 1536:8uN9S4A3BiXsSuqyizrJlINcCjaqTAA3g+N9S4A3YdathwBWYT:wXicTiTI+Cjjo2wthwdT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140F3AF22FAD2C272D90540300C3BAF3B9F7EAB794B25ABC797949D461C236E19533617
sha3_384: 2a6d57eb45987ffdd925c3ee56a3ad28d5a2ae43130a577938660105ce0007f4b5efb0673e494c1ba555b70e435652a8
ep_bytes: 558bec6aff68487b4000680a33400064
timestamp: 2013-12-14 06:32:02

Version Info:

Comments:
CompanyName: Microsoft Coporation
FileDescription: InstallerService
FileVersion: 2.5.1
InternalName: WMPNetworkSvc
LegalCopyright: Copyright ¨Ï 2010
LegalTrademarks:
OriginalFilename: InstallerService.exe
PrivateBuild:
ProductName: THMASPC InstallerService
ProductVersion: 1, 0, 0, 1
SpecialBuild: 2.71.3256
Translation: 0x0409 0x04b0

Backdoor:Win32/Winsec.C!dha also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.21908
FireEye: Generic.mg.2bfe0bf9f06bbe05
ALYac: Backdoor.Agent.AD159744
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.654337
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 00464f291 )
Alibaba: Backdoor:Win32/Winsec.7da65644
K7GW: Trojan ( 00464f291 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.QEF
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.11880709-1
Kaspersky: Trojan.Win32.Agent.iidl
BitDefender: Gen:Variant.Symmi.21908
NANO-Antivirus: Trojan.Win32.Agent.eangeh
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agent.Hvtu
Ad-Aware: Gen:Variant.Symmi.21908
Emsisoft: Gen:Variant.Symmi.21908 (B)
Comodo: Malware@#2tcmbl974irky
DrWeb: Trojan.MulDrop6.33701
VIPRE: Gen:Variant.Symmi.21908
TrendMicro: BKDR_SCADPRV.B
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.cm
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R + Troj/FakeMS-N
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Symmi.21908
Jiangmin: Trojan.Agent.uqt
Avira: TR/Agent.159744.324
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Microsoft: Backdoor:Win32/Winsec.C!dha
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Winsec.C1340601
McAfee: GenericRXFF-KZ!2BFE0BF9F06B
VBA32: BScope.Trojan.Agent
Malwarebytes: Malware.AI.4271619980
TrendMicro-HouseCall: BKDR_SCADPRV.B
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Agent.QEF!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.jq0@aGWhL9di
AVG: Win32:Malware-gen
Cybereason: malicious.9f06bb
Panda: Trj/GdSda.A

How to remove Backdoor:Win32/Winsec.C!dha?

Backdoor:Win32/Winsec.C!dha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.