Categories: Backdoor

How to remove “Backdoor.Win32.Gulpix.xue”?

Backdoor.Win32.Gulpix.xue is flagged as dangerous by most of the antivirus vendors listed further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Backdoor.Win32.Gulpix.xue virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the PoisonIvy malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.Gulpix.xue?


File Info:

name: FB8C172C964E6740963E.mlw
path: /opt/CAPEv2/storage/binaries/12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71
crc32: D3AA8783
md5: fb8c172c964e6740963eb223407a917c
sha1: 4448a3cd278d6c7b85987f0c9ba5dfeef7be8dad
sha256: 12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71
sha512: eec704ea3a336efe61f46d2f49e95389c544ffa33c3cd94f6b681a7c8c59c94ec91e1495a47ce71fc9178d9fd28fea983cd52248a8881a99a7f8a5fb111648d0
ssdeep: 3072:DQIURTXJ+MvNTRT7mewnpOY0J0MuBmpvkgnhH+nS/ZR:Ds9vBRT73wnpOp0UsgnhHMShR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FFA3F11B36C1D4F7FADB493119B2D726D37BD300522B06175B640FAF2A62283C9162EB
sha3_384: 6f8df289962192bf077be3e65e7b4d2553b7374ff864768e16a71236916aafc4b7fb6c1218ee3d664f4d810fa9274ca1
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46
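The hashes, entry-point bytes and compile timestamp above are the indicators a responder actually compares against a suspect file. The script below is an added example written for this page; it is not part of the original post and not GridinSoft or CAPE code. It hashes a file the way the file-info block lists them, parses the PE32 COFF header and section table with the standard library only (no `pefile`), extracts the first 16 entry-point bytes like CAPE's `ep_bytes`, and reports which indicators match. `build_stub_pe` is a constructed, non-malicious stand-in used only to exercise the parser. Two caveats from the behaviour list above: the sample deletes its original binary from disk, so a hash match is only possible on a copy captured before that happens (a quarantined file, a sandbox `binaries/` copy or an EDR artefact); and the PE timestamp is attacker-controlled, so a 2009 date on a file first seen much later is corroboration at most, never proof either way. The vendor names McAfee `Artemis!FB8C172C964E` and Cybereason `malicious.c964e6` are simply prefixes and substrings of the MD5, which is why the MD5 is still worth keeping alongside the SHA-256.

```python
import datetime
import hashlib
import struct
import zlib
from pathlib import Path

# Indicators copied from the file-info section of this page (lowercased).
GULPIX_IOCS = {
    "md5": "fb8c172c964e6740963eb223407a917c",
    "sha1": "4448a3cd278d6c7b85987f0c9ba5dfeef7be8dad",
    "sha256": "12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71",
    "crc32": "d3aa8783",
    "ep_bytes": "81ec8001000053555633db57895c2418",
    "timestamp": "2009-12-05T22:50:46+00:00",
}


def fingerprint(data: bytes) -> dict:
    """Hashes in the same form the page lists them (lowercase hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
    }


def pe_headers(data: bytes) -> dict:
    """Parse the PE32 fields needed here: TimeDateStamp, AddressOfEntryPoint
    and the section table as (name, vaddr, vsize, rawptr, rawsize) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: NumberOfSections @+6, TimeDateStamp @+8, SizeOfOptionalHeader @+20
    nsect, ts, opt_size = struct.unpack_from("<HI8xH", data, pe + 6)
    # Optional header starts at pe+24; AddressOfEntryPoint is at offset 16 in it
    entry_rva = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    sections = []
    sect_off = pe + 24 + opt_size
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, sect_off + 40 * i)
        sections.append((name.rstrip(b"\0"), vaddr, vsize, rawptr, rawsize))
    return {
        "timestamp": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc),
        "entry_rva": entry_rva,
        "sections": sections,
    }


def entry_bytes(data: bytes, count: int = 16) -> str:
    """Hex of the first `count` bytes at the entry point (CAPE's ep_bytes)."""
    hdr = pe_headers(data)
    rva = hdr["entry_rva"]
    for _name, vaddr, vsize, rawptr, rawsize in hdr["sections"]:
        if vaddr <= rva < vaddr + max(vsize, rawsize):   # map RVA to file offset
            return data[rawptr + (rva - vaddr):][:count].hex()
    raise ValueError("entry point RVA 0x%x is not inside any section" % rva)


def compare_to_iocs(data: bytes, iocs: dict = GULPIX_IOCS) -> dict:
    """True/False per indicator; sha256 is authoritative, the rest corroborate."""
    fp = fingerprint(data)
    try:
        fp["ep_bytes"] = entry_bytes(data)
        fp["timestamp"] = pe_headers(data)["timestamp"].isoformat()
    except (ValueError, struct.error):
        pass  # not a PE, or truncated: hash comparison still applies
    return {key: fp.get(key) == value for key, value in iocs.items()}


def check_file(path: str, iocs: dict = GULPIX_IOCS) -> dict:
    """Compare a captured copy of a suspect file against the page's indicators."""
    return compare_to_iocs(Path(path).read_bytes(), iocs)


def build_stub_pe(timestamp: int, code: bytes) -> bytes:
    """Constructed minimal PE32 used only to test the parser: one .text section
    at RVA 0x1000 / raw offset 0x200 holding `code` at the entry point."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return image.ljust(0x200, b"\0") + code


if __name__ == "__main__":
    # Stand-in whose entry bytes and timestamp equal the page's, but whose hashes do not.
    stub = build_stub_pe(1260053446, bytes.fromhex(GULPIX_IOCS["ep_bytes"]) + b"\xc3")
    for key, hit in compare_to_iocs(stub).items():
        print("%-10s %s" % (key, "MATCH" if hit else "no"))
```

`check_file` is the entry point for a real quarantined copy. A SHA-256 match is a positive identification; `ep_bytes` and `timestamp` matching while SHA-256 does not (as with the stub above) only says the file shares a build prologue and header date, which a repacked or patched variant of the same family, or an unrelated MSVC binary with a forged timestamp, can also produce.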

Version Info:

0: [No Data]

Backdoor.Win32.Gulpix.xue also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Gulpix.4!c
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader29.4342
MicroWorld-eScan Trojan.GenericKD.45101691
FireEye Trojan.GenericKD.45101691
McAfee Artemis!FB8C172C964E
Cylance Unsafe
Sangfor Trojan.Win32.Agent.gen
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:Win32/Gulpix.22707384
K7GW Riskware ( 0040eff71 )
Cybereason malicious.c964e6
BitDefenderTheta Gen:NN.ZedlaF.34742.aq4@a0xFV8g
VirIT Trojan.Win32.Genus.BNY
Cyren W32/Gulpix.NNKG-7583
ESET-NOD32 a variant of Win32/Korplug.SB
TrendMicro-HouseCall TROJ_FRS.0NA103C320
Paloalto generic.ml
ClamAV Win.Trojan.SoftCell-7156347-0
Kaspersky Backdoor.Win32.Gulpix.xue
BitDefender Trojan.GenericKD.45101691
NANO-Antivirus Virus.Win32.Gen.ccmw
SUPERAntiSpyware Trojan.Agent/Gen-Tracur
Avast Win32:Malware-gen
Tencent Win32.Backdoor.Gulpix.Efku
Ad-Aware Trojan.GenericKD.45101691
Emsisoft Trojan.GenericKD.45101691 (B)
Comodo Malware@#3662aam7z604k
Zillya Backdoor.Gulpix.Win32.518
TrendMicro TROJ_FRS.0NA103C320
McAfee-GW-Edition BackDoor.gen.b
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-R
Ikarus Trojan.Win32.Korplug
GData Trojan.GenericKD.45101691
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1233752
MAX malware (ai score=100)
Microsoft Trojan:Win32/Malgent.C!dha
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C2988240
VBA32 Trojan.Wacatac
ALYac Backdoor.Gulpix
Malwarebytes Trojan.Happili
APEX Malicious
Rising Backdoor.Gulpix!8.3DA (CLOUD)
Yandex Backdoor.Gulpix!c7a4HMhDPdc
SentinelOne Static AI – Suspicious PE
Fortinet W32/Gulpix.XUE!tr.bdr
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Gulpix.xue?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
