
Backdoor.Hupigon.AYGZ (file analysis)


Backdoor.Hupigon.AYGZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Hupigon.AYGZ virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Backdoor.Hupigon.AYGZ?

File Info:

name: 55B2F02D3D47F519C389.mlw
path: /opt/CAPEv2/storage/binaries/9be31c1d5b0945c6720ada0ab4b1083c71254853a47c9b28a8841ad5cfca1b8a
crc32: 47355056
md5: 55b2f02d3d47f519c389df0042be9933
sha1: e8dca309ec1458f68b1e72b479b5bf3aa0557119
sha256: 9be31c1d5b0945c6720ada0ab4b1083c71254853a47c9b28a8841ad5cfca1b8a
sha512: a0190d41155528bc1989f8c75633d8b1c5ed3f36ebaead53096c672cf7a59f62766d1daf4ec4f8ca3fa30caf14d3f03744f3b97f342780a8366fa93a66f2af10
ssdeep: 1536:DKg3dqG/nxYy3iNiQ1zIv9BrORLUrkOg2G2:OXG/KNYcY9BrORLUrXDB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A97302DDC312A8D7C9B5A87124536BDCA92B8901FB7C7D44F358B2974C7A6C70B48386
sha3_384: ba75ac4f180fb1f4ce28803e0d752032eb2d84441c67d0c74445a6d222e395e54b54c6a6674efdbb168906748b144c55
ep_bytes: 60be006042008dbe00b0fdffc787c470
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor.Hupigon.AYGZ is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.Hupigon.AYGZ
FireEye: Generic.mg.55b2f02d3d47f519
CAT-QuickHeal: W32.Viking.B8.mue
ALYac: Backdoor.Hupigon.AYGZ
Cylance: Unsafe
Zillya: Trojan.OnLineGames.Win32.146777
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.d3d47f
Baidu: Win32.Worm.BMW.c
Cyren: W32/HLL-SysDlrSharer!Eldorado
Symantec: W32.Fujacks.E
ESET-NOD32: a variant of Win32/Fujacks
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Worm.Hupigon-54328
Kaspersky: Worm.Win32.AutoRun.aifb
BitDefender: Backdoor.Hupigon.AYGZ
NANO-Antivirus: Trojan.Win32.AutoRun.mhdp
Avast: Win32:Dh-A [Heur]
Tencent: Virus.Win32.BMW.b
Ad-Aware: Backdoor.Hupigon.AYGZ
Emsisoft: Backdoor.Hupigon.AYGZ (B)
Comodo: Worm.Win32.AutoRun.~ADW@gdt9c
DrWeb: Trojan.AVKill.62308
VIPRE: Worm.Win32.Emerleox.gen.a (v)
TrendMicro: Mal_Otorun5
McAfee-GW-Edition: BehavesLike.Win32.Autorun.lc
Sophos: ML/PE-A + Mal/Behav-024
SentinelOne: Static AI – Malicious PE
GData: Backdoor.Hupigon.AYGZ
Jiangmin: Worm/AutoRun.iou
Avira: TR/Dldr.Delphi.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.D251
Arcabit: Backdoor.Hupigon.AYGZ
ViRobot: Worm.Win32.Autorun.74247.C
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Fujack.R42686
McAfee: W32/Fujacks.bt.gen.a
MAX: malware (ai score=88)
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.AI.3786799285
TrendMicro-HouseCall: Mal_Otorun5
Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazrGzJdLpc7Mx8rhnndhQCUL)
Yandex: Trojan.GenAsa!4PcMVvQaEIw
Ikarus: Worm.Win32.Fujack
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Fujacks.AW
BitDefenderTheta: AI:Packer.8766F93620
AVG: Win32:Dh-A [Heur]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Backdoor.Hupigon.AYGZ?

Backdoor.Hupigon.AYGZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.