Backdoor:Win32/Hupigon.DZ (file analysis)

Backdoor:Win32/Hupigon.DZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Hupigon.DZ virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Backdoor:Win32/Hupigon.DZ?

File Info:

crc32: EE7CFF84
md5: ac25f1d0883fe06dd463298be464ce07
name: AC25F1D0883FE06DD463298BE464CE07.mlw
sha1: 5c81435bcef40f24892fe3b4da724589c1f29499
sha256: 00c7df4b852343e47c0359f7a148faac1af5175823baf4053786109c478574a5
sha512: 66380030d836ce9bef909eb84700ee4a68b70629004fdeaaae65616046e5a991633d6d686d7024aa36c418161a22016a7859ef47949c2134a864e1fdfe524e30
ssdeep: 12288:0KJP6aigJzHGpfF+xu05qNgSggUXG4lCQRSu1afVc:0sPkgJ6jQu0qagUXG4lCQR0a
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) Microsoft Corporation. All rights reserved.
InternalName: ACCWIZ
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 5.1.2600.2180
FileDescription: Microsoft Accessibility Wizard
OriginalFilename: ACCWIZ.EXE
Translation: 0x0804 0x04b0

Backdoor:Win32/Hupigon.DZ also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 7000000f1 )
Lionic: Trojan.Win32.Agent.lbip
Elastic: malicious (high confidence)
DrWeb: BackDoor.Pigeon.9671
Cynet: Malicious (score: 100)
ALYac: GenPack:Backdoor.Delf.HSY
Cylance: Unsafe
Zillya: Trojan.Delf.Win32.26551
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Backdoor:Win32/Hupigon.796639cf
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.0883fe
Cyren: W32/Agent.LD.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Delf.NHC
APEX: Malicious
Avast: Win32:Agent-RXW [Trj]
Kaspersky: Trojan.Win32.Delf.arq
BitDefender: GenPack:Backdoor.Delf.HSY
NANO-Antivirus: Virus.Win32.Agent.dvixmz
MicroWorld-eScan: GenPack:Backdoor.Delf.HSY
Tencent: Win32.Trojan.Delf.Lmuf
Ad-Aware: GenPack:Backdoor.Delf.HSY
Sophos: Mal/Generic-S + W32/Pidgeon-A
Comodo: TrojWare.Win32.Spy.Banker.Gen@1qlojk
BitDefenderTheta: AI:Packer.DB12D2341C
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_DELF.EJU
McAfee-GW-Edition: BehavesLike.Win32.Virut.hc
FireEye: Generic.mg.ac25f1d0883fe06d
Emsisoft: GenPack:Backdoor.Delf.HSY (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Huigezi.djd
Webroot: W32.Bifrose.Gen
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.961AC1
Kingsoft: Win32.Troj.Generic_01.p.(kcloud)
Microsoft: Backdoor:Win32/Hupigon.DZ
GData: GenPack:Backdoor.Delf.HSY
AhnLab-V3: Backdoor/Win32.Hupigon.R46320
Acronis: suspicious
McAfee: Flyagent.d
MAX: malware (ai score=100)
VBA32: Trojan.Win32.Delf.dbm
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_DELF.EJU
Rising: Backdoor.Win32.RWX.jq (CLASSIC)
Yandex: Trojan.GenAsa!efM5uRSwyHM
Ikarus: Trojan-Dropper.Delf
MaxSecure: Trojan.Malware.17683.susgen
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Agent-RXW [Trj]
Paloalto: generic.ml

How to remove Backdoor:Win32/Hupigon.DZ?

Backdoor:Win32/Hupigon.DZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
