Categories: Backdoor

SScope.Backdoor.Win32.Hupigon.cmpw removal tips

The SScope.Backdoor.Win32.Hupigon.cmpw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What SScope.Backdoor.Win32.Hupigon.cmpw virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine SScope.Backdoor.Win32.Hupigon.cmpw?


File Info:
crc32: AFB54C51md5: 28ee9067d05fd74cdf00ecb2348e612bname: 28EE9067D05FD74CDF00ECB2348E612B.mlwsha1: b2d56ed3f5e71085f5b16943f2f96ed71b9015e1sha256: 8bcfd00ae2012e3d732e7231145b76d76e7d0ed17cebd7d8b7d9b90751177cfcsha512: ea4e9d4d7a11f9294bc3d02bea82e22d251e9638ea8148073117bf989281602c6a484978ee942a121a367e7bc644c8aa875c0487580c99e90f69c42ec940259cssdeep: 6144:1FExhi6m7uv9xyuR5FabPYOLOiIxQ+DQ01oNCI3gbZYd4M7UJlh0D9F6YSsF+tah:0Xrv9piyxQRHN0mdN+lhMF67ylgotype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
FileVersion: 1.2.3.10CompanyName: x51e4x51f0x5de5x4f5cx5ba4Comments: x7070x9e3dx5b50x8fdcx7a0bx7ba1x7406ProductVersion: 1.2.3.0FileDescription: x51e4x51f0x5de5x4f5cx5ba4OriginalFilename: H_Client.exeTranslation: 0x0804 0x03a8

SScope.Backdoor.Win32.Hupigon.cmpw also known as:

K7AntiVirus	Trojan ( 004bcce41 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Packed.551
Cynet	Malicious (score: 100)
ALYac	Gen:Trojan.Malware.ym2@aKCSNkg
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (W)
K7GW	Trojan ( 004bcce41 )
Cybereason	malicious.7d05fd
Cyren	W32/SuspPack.AC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Hupigon
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Trojan.Malware.ym2@aKCSNkg
MicroWorld-eScan	Gen:Trojan.Malware.ym2@aKCSNkg
Ad-Aware	Gen:Trojan.Malware.ym2@aKCSNkg
Comodo	Packed.Win32.MUPX.Gen@24tbus
BitDefenderTheta	AI:Packer.755E44071D
VIPRE	VirTool.Win32.Obfuscator.nm (v)
TrendMicro	TROJ_GEN.R005C0DF721
McAfee-GW-Edition	BehavesLike.Win32.Sytro.fc
FireEye	Generic.mg.28ee9067d05fd74c
Emsisoft	Gen:Trojan.Malware.ym2@aKCSNkg (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor/Hupigon.ayjb
Avira	BDS/Hupigon.Gen
Microsoft	Backdoor:Win32/Hupigon
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Trojan.Malware.ym2@aKCSNkg
AhnLab-V3	Backdoor/Win32.Hupigon.R839
Acronis	suspicious
McAfee	BackDoor-AWQ.gen.r
MAX	malware (ai score=89)
VBA32	SScope.Backdoor.Win32.Hupigon.cmpw
Malwarebytes	Malware.AI.747942345
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R005C0DF721
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazr6uOK7/mR1niuySju+Mn8/)
Yandex	Trojan.Hupigon.Gen!Pac.6
Ikarus	Trojan-Dropper.Win32.Hupigon
Fortinet	W32/Kryptik.KYT!tr
AVG	Win32:Trojan-gen