Backdoor.Hupigon

tag:computer virus

Written in Delphi, often packed with various packers: Hmimys, NsPack, Svkp, UPX, AsPack and others.

When first executed Hupigon copies itself to other location (usually windows folder) and deletes itself after that.
To ensure that it will start every time Windows starts it installs its copy as a Windows service with automatic startup type.

To hide its presence from a process list viewer (taskmgr.exe, tasklist.exe ...) it starts a common Windows program (iexplore.exe, svchost.exe, services.exe ...) and overwrites the program Please let BitDefender disinfect your files.

Internet traffic while no user program is accessing the network.
Presence of common Windows processes (iexplore.exe, calc.exe ...) that have no window.
Presence of a Windows service that have description string containing Chinese characters.

previous:Trojan.Agent.AJJX
previous:Backdoor.BotGet.FtpB.Gen

Virus Source from:

New articles

TROJ_ARTIEF.SMThis Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visi...ANDROIDOS_GEINIMI.AThis backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from...P2P-Worm.Win32.BlackControl.gThe malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishin...Backdoor.Win32.Bredolab.euaA malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when t...Backdoor.Farfli.ABCommonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory o...

Hot Articles

Backdoor.Hupigon

Computer Virus Clounds