Backdoor.Win32.Hupigon.vfco removal guide

Backdoor.Win32.Hupigon.vfco is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Hupigon.vfco virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.Win32.Hupigon.vfco?

File Info:

name: C35F8E8DFEFC27C4C02C.mlw
path: /opt/CAPEv2/storage/binaries/34ed6618fdc6a03023b800980df7a9730b337284691752fcc76ec8560c00894a
crc32: 635029E0
md5: c35f8e8dfefc27c4c02cd70d1a918442
sha1: e30acf8cbdf2ec53f11fdad9fb5c13b6a50ded7f
sha256: 34ed6618fdc6a03023b800980df7a9730b337284691752fcc76ec8560c00894a
sha512: 0bd3c8424d57a63f0df8c12c888f362ff51aab0aca353ae559579ef09f5467f4affb0c65129770cb874cba434796509aa0a900a1b0d2cd9c084c48ae05513ef9
ssdeep: 196608:0PBHDznjUEpKDPqhBNzNk3bn8pEjjUvGoYQztgBMHoMwLZWVV:KBH3jUEpGQpNk3bn8p2jawjqV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T170A623227BE1C037D67216740E69A379D1BDB9700A31894F63E41B3EAB709C29E35F16
sha3_384: 54ad80df95d8f1b85ab6f5c6788a69d7075e1f2b54ed003f1a337982b3007a07035e306888399f52d5dc8d0597d162a2
ep_bytes: e819a90000e979feffff8bff558bec83
timestamp: 2010-05-03 08:15:49

Version Info:

CompanyName: 博奕证券版本系统
FileDescription: 此 Installer 数据库包含了安装 赢股策证券数据终端-至尊版 所需的逻辑和数据。
FileVersion: 145.1.1.1
InternalName: BoYiSetup
LegalCopyright: Copyright (C) 博奕证券版本系统
OriginalFileName: BoYiSetup.exe
ProductName: 赢股策证券数据终端-至尊版
ProductVersion: 145.1.1.1
Translation: 0x0804 0x04b0

Backdoor.Win32.Hupigon.vfco also known as:

Zillya: Backdoor.Hupigon.Win32.213213
Alibaba: Backdoor:Win32/Hupigon.8ad7c576
BitDefenderTheta: Gen:NN.ZexaF.36662.@t0@a837oSpH
VirIT: Trojan.Win32.DownLoader12.CBST
Kaspersky: Backdoor.Win32.Hupigon.vfco
NANO-Antivirus: Trojan.Win32.Hupigon.fzkrkj
Avast: Win32:Malware-gen
Rising: Trojan.Generic@AI.86 (RDML:IcPqB6Rpgg1C+TmB8VmoOg)
McAfee-GW-Edition: GenericRXIE-VD!D613E1CBD665
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
Google: Detected
Antiy-AVL: Trojan[Backdoor]/Win32.Hupigon
ZoneAlarm: Backdoor.Win32.Hupigon.vfco
Microsoft: Trojan:Win32/Occamy.C44
VBA32: BScope.Backdoor.Hupigon
Malwarebytes: Generic.Malware/Suspicious
AVG: Win32:Malware-gen
CrowdStrike: win/grayware_confidence_60% (D)

How to remove Backdoor.Win32.Hupigon.vfco?

Backdoor.Win32.Hupigon.vfco removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
