Should I remove “Backdoor.Win32.Gulpix.yda”?

Backdoor.Win32.Gulpix.yda is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Gulpix.yda virus do?

  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings

Related domains:

www.tengfeidn.com
www.tengfeidn.cn

How to identify Backdoor.Win32.Gulpix.yda?

File Info:

crc32: 44FCD2A3
md5: 7ebe17ece9ffafd179c4d0ef118b009c
name: fw.exe
sha1: bd75b895d4e0040194f2a1bd4c09297189a03a54
sha256: fc88e7d6a12f52ac91a0089e64a9f725c21c023ea003937282fc72fd113c6721
sha512: 21df4604bf66d826ec9ef494822126a46e3107cf8f7a70b1b73a4160e6b95fd0779aad1d6bb1ee4d0330fa961d69876edc7702fe73e3f70058a2cee622ccdf17
ssdeep: 6144:E9rFgwi6oeeZV3hWZS3+Je/4ofSZkGOCV3L4pc:E9uBX3hWg+Je/4oFGOk3LK
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Microsoft Corporation. All rights reserved. 版权所有
FileVersion: 6.1.7600.16385
CompanyName: Microsoft Corporation. All rights reserved.
Comments: CTF Loader
ProductName: Microsoft® Windows® Operating System2
ProductVersion: 6.1.7600.16385
FileDescription: CTF Loader
Translation: 0x0804 0x04b0

Backdoor.Win32.Gulpix.yda also known as:

FireEye: Generic.mg.7ebe17ece9ffafd1
CAT-QuickHeal: Trojan.Mauvaise.SL1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Malicious.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 005376ae1 )
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.5d4e00
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZexaF.34084.tmKfa83Cr3lb
F-Prot: W32/OnlineGames.HI.gen!Eldorado
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Zusy-6840460-0
Kaspersky: Backdoor.Win32.Gulpix.yda
Alibaba: Trojan:Application/Generic.afb478a9
NANO-Antivirus: Trojan.Win32.Gulpix.fusyzw
Rising: Trojan.Tiggre!8.ED98 (CLOUD)
Endgame: malicious (moderate confidence)
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
F-Secure: Trojan.TR/Crypt.FKM.Gen
McAfee-GW-Edition: BehavesLike.Win32.Fujacks.fc
SentinelOne: DFI – Malicious PE
Trapmine: malicious.high.ml.score
APEX: Malicious
Cyren: W32/OnlineGames.HI.gen!Eldorado
Jiangmin: TrojanDownloader.Generic.fwr
Webroot: W32.Trojan.TR.Crypt.FKM
Avira: TR/Crypt.FKM.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: GrayWare/Win32.FlyStudio.a
Microsoft: Trojan:Win32/Tiggre!rfn
ZoneAlarm: Backdoor.Win32.Gulpix.yda
Acronis: suspicious
McAfee: Artemis!7EBE17ECE9FF
VBA32: suspected of Trojan.Downloader.gen.h
Tencent: Win32.Backdoor.Gulpix.Amda
Ikarus: Trojan.Crypt
MaxSecure: Trojan.Malware.74467863.susgen
Fortinet: W32/QQWare.A!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Gulpix.yda?

Backdoor.Win32.Gulpix.yda removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.