Categories: Backdoor

What is “Backdoor.Win32.Gulpix.zdf”?

The Backdoor.Win32.Gulpix.zdf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Gulpix.zdf virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Scheduled file move on reboot detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Deletes its original binary from disk
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
Creates a hidden or system file
Anomalous binary characteristics

How to determine Backdoor.Win32.Gulpix.zdf?


File Info:
name: 4C184B068B14E80B5CF0.mlwpath: /opt/CAPEv2/storage/binaries/1dcd88b55ad590d1fbe4f3db4bc0bb4a9da56306770e4f17ad63b96b48fe6de1crc32: 2CA38BB0md5: 4c184b068b14e80b5cf0fb51f4ea91edsha1: d8bd6ce3fd87ea35a013745d00b6ce4ad2342dd4sha256: 1dcd88b55ad590d1fbe4f3db4bc0bb4a9da56306770e4f17ad63b96b48fe6de1sha512: 890a062cda906f3b013e814acbd91ca640bbc57a264e4023a441840384a44e3647a93b1f5f979afe7c81910b15dad71f635c26c26dc0e8a261f382803df35feassdeep: 49152:ngsVkpscq6rA1jl9f0oAeK0Q3xABJpgWDxaDqIbTcH+2oESlPjWJIr2h0Kpi8JmS:gsSeP9fHsxipNDGt1KWGvpCCZtgbmttype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BB664B309501C02AFCA305B69EFED58D605CBA912B2840F37184FEFEEE29AD16D36557sha3_384: 2e5139443ce323d273ac9428e812678fc30d3c8f13ececd7713a9bafd4fb4934ef745099f47b0e21bb99ef92bec8d52dep_bytes: 558bece858fdffff5dc3cccccccccccctimestamp: 2020-07-16 01:53:02
Version Info:
CompanyName: FileDescription: Clock MFC ApplicationFileVersion: 1, 0, 0, 1InternalName: ClockLegalCopyright: Copyright (C) 1997LegalTrademarks: OriginalFilename: Clock.EXEProductName: Clock ApplicationProductVersion: 1, 0, 0, 1Translation: 0x0409 0x04b0

Backdoor.Win32.Gulpix.zdf also known as:

Lionic	Trojan.Win32.Gulpix.m!c
MicroWorld-eScan	Trojan.GenericKD.37349394
FireEye	Trojan.GenericKD.37349394
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Backdoor.Win32.Gulpix.zdf
Alibaba	Backdoor:Win32/Gulpix.3620a6db
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Cyren	W32/Trojan.WSJQ-8418
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Gulpix.zdf
BitDefender	Trojan.GenericKD.37349394
NANO-Antivirus	Trojan.Win32.Gulpix.izclzs
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.11a9f403
Zillya	Backdoor.Gulpix.Win32.693
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vh
Sophos	Mal/Generic-S
Jiangmin	Backdoor.Gulpix.rx
Avira	HEUR/AGEN.1110275
Arcabit	Trojan.Generic.D239E812
AhnLab-V3	Trojan/Win.Generic.C4557821
VBA32	BScope.Trojan.Occamy
MAX	malware (ai score=84)
Yandex	Trojan.Agent!E76ZSsaAyM8
Ikarus	Trojan.Win32.DllCheck
Fortinet	W32/PossibleThreat
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A