Should I remove “Backdoor.Hupigon.AYPY (B)”?

Backdoor.Hupigon.AYPY (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Hupigon.AYPY (B) virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Anomalous binary characteristics

How to identify Backdoor.Hupigon.AYPY (B)?


File Info:

crc32: 6F813597
md5: 0ad9252287b53c35a9a7b183248e3a7b
name: 0AD9252287B53C35A9A7B183248E3A7B.mlw
sha1: 8bffca744079ee8573f506ada49e741e1245ba2e
sha256: baa76c492f2ef57de408d8913f41800b6b77f94d8a4edc5127a12a332a7b0c9b
sha512: d4fbac893743ac33ffd8f517150f4414e8d5284a962a99d6c1dbf4d694bb6754f33380c58325bd2d7a4930c0a3fe97bce89958aa44a1eee3db9fb291f630c9cf
ssdeep: 12288:RgEFclcGIVB0wn9brQiuDLSUKfNtTird:GEFclc3029bcK3TEd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) Microsoft Corporation. All rights reserved.
InternalName: Wextract
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
FileDescription: Win32 Cabinet Self-Extractor
OriginalFilename: WEXTRACT.EXE
Translation: 0x0804 0x04b0

Backdoor.Hupigon.AYPY (B) also known as:

K7AntiVirus: Trojan ( 000000f91 )
Lionic: Trojan.Win32.Hupigon.lazY
Elastic: malicious (high confidence)
DrWeb: BackDoor.Pigeon1.5760
Cynet: Malicious (score: 100)
ALYac: Backdoor.Hupigon.AYPY
Cylance: Unsafe
Zillya: Backdoor.Hupigon.Win32.117379
Sangfor: Backdoor.Win32.Hupigon.mt
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 000000f91 )
Cybereason: malicious.287b53
Cyren: W32/Hupigon.O.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Hupigon
Zoner: Probably Heur.ExeHeaderH
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Kaspersky: Packed.Win32.PePatch.ko
BitDefender: Backdoor.Hupigon.AYPY
NANO-Antivirus: Trojan.Win32.Hupigon.bcexm
MicroWorld-eScan: Backdoor.Hupigon.AYPY
Tencent: Win32.Packed.Pepatch.Isv
Ad-Aware: Backdoor.Hupigon.AYPY
Sophos: ML/PE-A + Mal/Emogen-E
Comodo: Packed.Win32.Klone.~KI@1kg7sm
BitDefenderTheta: AI:Packer.215B450723
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: BKDR_GRAYBIR.JX
FireEye: Generic.mg.0ad9252287b53c35
Emsisoft: Backdoor.Hupigon.AYPY (B)
Jiangmin: Backdoor/Agent.akef
Webroot: W32.Bifrose.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.75574F
Kingsoft: Win32.Troj.Unknown.c.(kcloud)
Microsoft: Backdoor:Win32/Hupigon
GData: Backdoor.Hupigon.AYPY
Acronis: suspicious
McAfee: New Malware.kb
MAX: malware (ai score=94)
VBA32: Backdoor.Bladabindi
Panda: Trj/CI.A
TrendMicro-HouseCall: BKDR_GRAYBIR.JX
Rising: Backdoor.Hupigon!1.6484 (CLASSIC)
Yandex: Backdoor.Hupigon.EBCV
Ikarus: Packer.Win32.Klone
MaxSecure: Trojan.Malware.2043290.susgen
Fortinet: W32/Hupigon.DSK!tr.bdr
AVG: Win32:Evo-gen [Susp]
Paloalto: generic.ml

How to remove Backdoor.Hupigon.AYPY (B)?

Backdoor.Hupigon.AYPY (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
