Categories: Backdoor

Should I remove “Backdoor:Win32/Winsec.D!dha”?

The Backdoor:Win32/Winsec.D!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Winsec.D!dha virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Sample contains Overlay data
Presents an Authenticode digital signature
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Unconventionial language used in binary resources: Korean
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Deletes executed files from disk

How to determine Backdoor:Win32/Winsec.D!dha?


File Info:
name: EE40D99C7DDE0605DDBA.mlwpath: /opt/CAPEv2/storage/binaries/49112b6739fe518dc826ee02ff11688491096f931d2ffd656c3f7b21b28656b0crc32: 1C899A94md5: ee40d99c7dde0605ddba163daa53a7a4sha1: 71ded0d6cd353d4c7e3b7cc576591465cb2eb073sha256: 49112b6739fe518dc826ee02ff11688491096f931d2ffd656c3f7b21b28656b0sha512: 73727cc82bc46016a0c70a743ed0b8f8a2210e5c526d8d3a6c245bd669591de7b563d3dc262c5ac89bcb3805c63ab37160f8c2975f3e218532693288bd679491ssdeep: 768:fv6//+oDIajrOVvjuu+tIJ3YdP6aX/QWVnumTKuSG0+Cx/ABKePWDTquk1PcPW/8:fk7DIajC7p+EIdMW1T0rJxvJ0PTEzhtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1DA336C491D53D063E4830C70C7A9A5D6BFFE6DB33095B16FDF80A44814B9299D228F7Asha3_384: f5fb6b3909920a70f2c066281cbd013906ba7413120baf6fa7090ba0ae403af113e91c8aeaf192787ea5d801b6a7c41eep_bytes: 558bec6aff6860814000680461400064timestamp: 2015-06-05 00:16:38
Version Info:
CompanyName: Microsoft CorporationFileDescription: 네트워크 액세스 보호 클라이언트 UIFileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)InternalName: napstat.exeLegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: napstat.exe.muiProductName: Microsoft® Windows® Operating SystemProductVersion: 6.3.9600.16384Translation: 0x0412 0x04b0

Backdoor:Win32/Winsec.D!dha also known as:

MicroWorld-eScan	Gen:Variant.Fugrafa.7885
FireEye	Generic.mg.ee40d99c7dde0605
McAfee	Suspect-CZ!EE40D99C7DDE
Cylance	Unsafe
VIPRE	Gen:Variant.Fugrafa.7885
Sangfor	[ARMADILLO V1.71]
K7AntiVirus	Trojan ( 004be5271 )
K7GW	Trojan ( 004be5271 )
Cybereason	malicious.c7dde0
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/NukeSped.IN
APEX	Malicious
ClamAV	Win.Trojan.Mikey-9958102-0
Kaspersky	HEUR:Trojan-Banker.Win32.Alreay.gen
BitDefender	Gen:Variant.Fugrafa.7885
Avast	Win32:Crypt-RXQ [Trj]
Tencent	Malware.Win32.Gencirc.11d1723c
Ad-Aware	Gen:Variant.Fugrafa.7885
Comodo	TrojWare.Win32.PSW.GamePass.C@2mkvnv
DrWeb	Trojan.MulDrop5.59555
Zillya	Trojan.Agent.Win32.728057
McAfee-GW-Edition	New Malware.x
Emsisoft	Gen:Variant.Fugrafa.7885 (B)
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Fugrafa.7885
Jiangmin	Trojan.Banker.Alreay.bs
Avira	TR/Bruter.45056.1
Antiy-AVL	Trojan/Generic.ASMalwS.330C
Arcabit	Trojan.Fugrafa.D1ECD
ViRobot	Trojan.Win32.Agent.45056.ND
Microsoft	Backdoor:Win32/Winsec.D!dha
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Skeeyah.R500168
BitDefenderTheta	Gen:NN.ZexaF.34806.dq2@aKgAfpcO
ALYac	Gen:Variant.Fugrafa.7885
MAX	malware (ai score=85)
VBA32	BScope.Trojan.Fuerboos
Malwarebytes	Malware.AI.2325467466
Yandex	Trojan.Bruter!SqLBR/1TERE
AVG	Win32:Crypt-RXQ [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_70% (D)