Backdoor

How to remove “Backdoor.Win32.Gulpix.xue”?

Malware Removal

The Backdoor.Win32.Gulpix.xue is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Backdoor.Win32.Gulpix.xue virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the PoisonIvy malware family
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Win32.Gulpix.xue?


File Info:

name: FB8C172C964E6740963E.mlw
path: /opt/CAPEv2/storage/binaries/12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71
crc32: D3AA8783
md5: fb8c172c964e6740963eb223407a917c
sha1: 4448a3cd278d6c7b85987f0c9ba5dfeef7be8dad
sha256: 12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71
sha512: eec704ea3a336efe61f46d2f49e95389c544ffa33c3cd94f6b681a7c8c59c94ec91e1495a47ce71fc9178d9fd28fea983cd52248a8881a99a7f8a5fb111648d0
ssdeep: 3072:DQIURTXJ+MvNTRT7mewnpOY0J0MuBmpvkgnhH+nS/ZR:Ds9vBRT73wnpOp0UsgnhHMShR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FFA3F11B36C1D4F7FADB493119B2D726D37BD300522B06175B640FAF2A62283C9162EB
sha3_384: 6f8df289962192bf077be3e65e7b4d2553b7374ff864768e16a71236916aafc4b7fb6c1218ee3d664f4d810fa9274ca1
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:

0: [No Data]

Backdoor.Win32.Gulpix.xue also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Gulpix.4!c
Elasticmalicious (high confidence)
DrWebTrojan.DownLoader29.4342
MicroWorld-eScanTrojan.GenericKD.45101691
FireEyeTrojan.GenericKD.45101691
McAfeeArtemis!FB8C172C964E
CylanceUnsafe
SangforTrojan.Win32.Agent.gen
K7AntiVirusRiskware ( 0040eff71 )
AlibabaBackdoor:Win32/Gulpix.22707384
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.c964e6
BitDefenderThetaGen:NN.ZedlaF.34742.aq4@a0xFV8g
VirITTrojan.Win32.Genus.BNY
CyrenW32/Gulpix.NNKG-7583
ESET-NOD32a variant of Win32/Korplug.SB
TrendMicro-HouseCallTROJ_FRS.0NA103C320
Paloaltogeneric.ml
ClamAVWin.Trojan.SoftCell-7156347-0
KasperskyBackdoor.Win32.Gulpix.xue
BitDefenderTrojan.GenericKD.45101691
NANO-AntivirusVirus.Win32.Gen.ccmw
SUPERAntiSpywareTrojan.Agent/Gen-Tracur
AvastWin32:Malware-gen
TencentWin32.Backdoor.Gulpix.Efku
Ad-AwareTrojan.GenericKD.45101691
EmsisoftTrojan.GenericKD.45101691 (B)
ComodoMalware@#3662aam7z604k
ZillyaBackdoor.Gulpix.Win32.518
TrendMicroTROJ_FRS.0NA103C320
McAfee-GW-EditionBackDoor.gen.b
Trapminemalicious.moderate.ml.score
SophosMal/Generic-R
IkarusTrojan.Win32.Korplug
GDataTrojan.GenericKD.45101691
WebrootW32.Trojan.Gen
AviraHEUR/AGEN.1233752
MAXmalware (ai score=100)
MicrosoftTrojan:Win32/Malgent.C!dha
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.Generic.C2988240
VBA32Trojan.Wacatac
ALYacBackdoor.Gulpix
MalwarebytesTrojan.Happili
APEXMalicious
RisingBackdoor.Gulpix!8.3DA (CLOUD)
YandexBackdoor.Gulpix!c7a4HMhDPdc
SentinelOneStatic AI – Suspicious PE
FortinetW32/Gulpix.XUE!tr.bdr
AVGWin32:Malware-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Gulpix.xue?

Backdoor.Win32.Gulpix.xue removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment