Categories: Backdoor

Should I remove “Backdoor.Hupigon.AYPY (B)”?

The Backdoor.Hupigon.AYPY (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Hupigon.AYPY (B) virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Queries information on disks, possibly for anti-virtualization
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a hidden or system file
Anomalous binary characteristics

How to determine Backdoor.Hupigon.AYPY (B)?


File Info:
crc32: 6F813597md5: 0ad9252287b53c35a9a7b183248e3a7bname: 0AD9252287B53C35A9A7B183248E3A7B.mlwsha1: 8bffca744079ee8573f506ada49e741e1245ba2esha256: baa76c492f2ef57de408d8913f41800b6b77f94d8a4edc5127a12a332a7b0c9bsha512: d4fbac893743ac33ffd8f517150f4414e8d5284a962a99d6c1dbf4d694bb6754f33380c58325bd2d7a4930c0a3fe97bce89958aa44a1eee3db9fb291f630c9cfssdeep: 12288:RgEFclcGIVB0wn9brQiuDLSUKfNtTird:GEFclc3029bcK3TEdtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: (C) Microsoft Corporation. All rights reserved.InternalName: Wextract                FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)CompanyName: Microsoft CorporationProductName: Microsoft(R) Windows(R) Operating SystemProductVersion: 6.00.2900.2180FileDescription: Win32 Cabinet Self-Extractor                                           OriginalFilename: WEXTRACT.EXE            Translation: 0x0804 0x04b0

Backdoor.Hupigon.AYPY (B) also known as:

K7AntiVirus	Trojan ( 000000f91 )
Lionic	Trojan.Win32.Hupigon.lazY
Elastic	malicious (high confidence)
DrWeb	BackDoor.Pigeon1.5760
Cynet	Malicious (score: 100)
ALYac	Backdoor.Hupigon.AYPY
Cylance	Unsafe
Zillya	Backdoor.Hupigon.Win32.117379
Sangfor	Backdoor.Win32.Hupigon.mt
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Starter.ali2000005
K7GW	Trojan ( 000000f91 )
Cybereason	malicious.287b53
Cyren	W32/Hupigon.O.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Hupigon
Zoner	Probably Heur.ExeHeaderH
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Kaspersky	Packed.Win32.PePatch.ko
BitDefender	Backdoor.Hupigon.AYPY
NANO-Antivirus	Trojan.Win32.Hupigon.bcexm
MicroWorld-eScan	Backdoor.Hupigon.AYPY
Tencent	Win32.Packed.Pepatch.Isv
Ad-Aware	Backdoor.Hupigon.AYPY
Sophos	ML/PE-A + Mal/Emogen-E
Comodo	Packed.Win32.Klone.~KI@1kg7sm
BitDefenderTheta	AI:Packer.215B450723
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	BKDR_GRAYBIR.JX
FireEye	Generic.mg.0ad9252287b53c35
Emsisoft	Backdoor.Hupigon.AYPY (B)
Jiangmin	Backdoor/Agent.akef
Webroot	W32.Bifrose.Gen
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.75574F
Kingsoft	Win32.Troj.Unknown.c.(kcloud)
Microsoft	Backdoor:Win32/Hupigon
GData	Backdoor.Hupigon.AYPY
Acronis	suspicious
McAfee	New Malware.kb
MAX	malware (ai score=94)
VBA32	Backdoor.Bladabindi
Panda	Trj/CI.A
TrendMicro-HouseCall	BKDR_GRAYBIR.JX
Rising	Backdoor.Hupigon!1.6484 (CLASSIC)
Yandex	Backdoor.Hupigon.EBCV
Ikarus	Packer.Win32.Klone
MaxSecure	Trojan.Malware.2043290.susgen
Fortinet	W32/Hupigon.DSK!tr.bdr
AVG	Win32:Evo-gen [Susp]
Paloalto	generic.ml