What is “Backdoor.Win32.Gulpix.zdf”?

The Backdoor.Win32.Gulpix.zdf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Gulpix.zdf virus can do?

• SetUnhandledExceptionFilter detected (possible anti-debug)
• Behavioural detection: Executable code extraction – unpacking
• Attempts to connect to a dead IP:Port (1 unique times)
• Scheduled file move on reboot detected
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Creates RWX memory
• Possible date expiration check, exits too soon after checking local time
• Dynamic (imported) function loading detected
• Enumerates running processes
• Expresses interest in specific running processes
• Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
• CAPE extracted potentially suspicious content
• Drops a binary and executes it
• Authenticode signature is invalid
• Deletes its original binary from disk
• Behavioural detection: Injection (Process Hollowing)
• Executed a process and injected code into it, probably while unpacking
• Behavioural detection: Injection (inter-process)
• Installs itself for autorun at Windows startup
• Installs itself for autorun at Windows startup
• Creates a hidden or system file
• Anomalous binary characteristics

How to determine Backdoor.Win32.Gulpix.zdf?

File Info:
name: 4C184B068B14E80B5CF0.mlw
path: /opt/CAPEv2/storage/binaries/1dcd88b55ad590d1fbe4f3db4bc0bb4a9da56306770e4f17ad63b96b48fe6de1
crc32: 2CA38BB0
md5: 4c184b068b14e80b5cf0fb51f4ea91ed
sha1: d8bd6ce3fd87ea35a013745d00b6ce4ad2342dd4
sha256: 1dcd88b55ad590d1fbe4f3db4bc0bb4a9da56306770e4f17ad63b96b48fe6de1
sha512: 890a062cda906f3b013e814acbd91ca640bbc57a264e4023a441840384a44e3647a93b1f5f979afe7c81910b15dad71f635c26c26dc0e8a261f382803df35fea
ssdeep: 49152:ngsVkpscq6rA1jl9f0oAeK0Q3xABJpgWDxaDqIbTcH+2oESlPjWJIr2h0Kpi8JmS:gsSeP9fHsxipNDGt1KWGvpCCZtgbmt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB664B309501C02AFCA305B69EFED58D605CBA912B2840F37184FEFEEE29AD16D36557
sha3_384: 2e5139443ce323d273ac9428e812678fc30d3c8f13ececd7713a9bafd4fb4934ef745099f47b0e21bb99ef92bec8d52d
ep_bytes: 558bece858fdffff5dc3cccccccccccc
timestamp: 2020-07-16 01:53:02

Version Info:
CompanyName: 
FileDescription: Clock MFC Application
FileVersion: 1, 0, 0, 1
InternalName: Clock
LegalCopyright: Copyright (C) 1997
LegalTrademarks: 
OriginalFilename: Clock.EXE
ProductName: Clock Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Backdoor.Win32.Gulpix.zdf also known as:

How to remove Backdoor.Win32.Gulpix.zdf?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.