Backdoor:Win32/Hupigon.DI removal instruction

Backdoor:Win32/Hupigon.DI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Hupigon.DI virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Backdoor:Win32/Hupigon.DI?


File Info:

crc32: 884717E2
md5: 21508d8a135ee5685fd83e26b9f408b0
name: 21508D8A135EE5685FD83E26B9F408B0.mlw
sha1: 1c99aeceeadd0e05a9f67b85798ff961a6aba640
sha256: c801c85b481b190bfa740dc406c85e3bc039820c477e418f5c71c476ae3e130f
sha512: a0634cb752a16a7c17fd809bb7c4cb336a149af24bf39cd2fd3709a3b5ba232f217fd8cf623f661af5c5aadc1a990f2c40aad265937153528c15dc5c103034ed
ssdeep: 12288:8RycYktU4g/n/t0EW5AoEkOvJwQ5oalK+GOh6v6jIk6bQQ52LwRg08S5nt1ZwDq:gxnU4gf2EW5ANHJr1kch6vOIk6LXlP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileVersion: 1.2.3.10
CompanyName: 凤凰工作室
Comments: 灰鸽子远程管理
ProductVersion: 1.2.3.0
FileDescription: 凤凰工作室
OriginalFilename: H_Client.exe
Translation: 0x0804 0x03a8

Backdoor:Win32/Hupigon.DI also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Riskware ( 7000000f1 )
Elastic: malicious (high confidence)
DrWeb: BackDoor.Pigeon.21851
Cynet: Malicious (score: 100)
CAT-QuickHeal: Backdoor.Hupigon.DI8
ALYac: Dropped:Generic.Malware.Bk!dld!g.6FA5F012
Cylance: Unsafe
Zillya: Backdoor.Hupigon.Win32.1
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Riskware ( 7000000f1 )
Cybereason: malicious.a135ee
Baidu: Win32.Trojan.Hupigon.b
Cyren: W32/Hupigon.A.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/Hupigon
APEX: Malicious
Avast: Win32:GenMalicious-BND [Trj]
ClamAV: Win.Trojan.Delf-1526
Kaspersky: Backdoor.Win32.Hupigon.axbr
BitDefender: Dropped:Generic.Malware.Bk!dld!g.6FA5F012
SUPERAntiSpyware: Trojan.Agent/Gen-Graybird
MicroWorld-eScan: Dropped:Generic.Malware.Bk!dld!g.6FA5F012
Tencent: Trojan.Win32.Hupigon.pije
Ad-Aware: Dropped:Generic.Malware.Bk!dld!g.6FA5F012
Sophos: ML/PE-A + Troj/Hupig-Gen
Comodo: Backdoor.Win32.BlackHole.~G@f80ok
VIPRE: BehavesLike.Win32.Malware.eah (mx-v)
TrendMicro: BKDR_HUPIGON.VEM
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.bh
FireEye: Generic.mg.21508d8a135ee568
Emsisoft: Dropped:Generic.Malware.Bk!dld!g.6FA5F012 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Huigezi.Gen
Avira: BDS/Hupigon.Gen
eGambit: Unsafe.AI_Score_97%
Microsoft: Backdoor:Win32/Hupigon.DI
ZoneAlarm: HEUR:Backdoor.Win32.Hupigon.gen
GData: Dropped:Generic.Malware.Bk!dld!g.6FA5F012
AhnLab-V3: Backdoor/Win32.Hupigon.R839
Acronis: suspicious
McAfee: BackDoor-AWQ.svr.gen.e
MAX: malware (ai score=81)
VBA32: SScope.Backdoor.Win32.Hupigon.cmpw
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Bck/Hupigon.gen
TrendMicro-HouseCall: BKDR_HUPIGON.VEM
Rising: Malware.Heuristic!ET#90% (RDMK:cmRtazrHe2GO/7s4VrnnYpZGS4Zl)
Yandex: TrojanSpy.FlyStudio!dpZCKGJGBOw
Ikarus: Backdoor.Win32.Hupigon
Fortinet: W32/Hupigon!tr
AVG: Win32:GenMalicious-BND [Trj]

How to remove Backdoor:Win32/Hupigon.DI?

Backdoor:Win32/Hupigon.DI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
