Win32:BHO-MX [Trj] removal

Win32:BHO-MX [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32:BHO-MX [Trj] virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net

How to identify Win32:BHO-MX [Trj]?

File Info:

name: 05681CAF8D84BD3AF9A6.mlw
path: /opt/CAPEv2/storage/binaries/e83e7deb1e947ceb99c6c79e7f57f2344a003e9210b97fa684cd0580006907d1
crc32: DD9C0A9D
md5: 05681caf8d84bd3af9a61e363d87069f
sha1: 90cfbd5ee3bb742e01ba3602ab285952019e37b4
sha256: e83e7deb1e947ceb99c6c79e7f57f2344a003e9210b97fa684cd0580006907d1
sha512: 5aeb7985b2a963dcac56c36c9fbe2821bfc436660aede1e81a3b07ea76936232bc465702e0efc0a19e9393c12f721d19bdb7ce3de6f98505c023471c5490a4a8
ssdeep: 6144:gjbeixzksPDsjXjQFVYmuTmNNKtTBfGY+n2wEWQV+XG8q1sin8Oku2Tt4LPlDh:guUwsPDdmmuTcIjGhnt2b60ITtuH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10E840212DAD1947BC0D463B485EE62E3A3B8F9D41F5A2797924E62C22C743C4363D36B
sha3_384: cb4df03579de83d969458b72ca08913701d3c5342ae21a38b3495163d3dab1720f4568a5ebba03abec025e3173532fc4
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0804 0x04b0

Win32:BHO-MX [Trj] is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.Hupigon.AYPY
FireEye: Generic.mg.05681caf8d84bd3a
McAfee: Artemis!05681CAF8D84
Cylance: Unsafe
K7AntiVirus: Trojan ( 005376ae1 )
Alibaba: Backdoor:Win32/PePatch.2222dac2
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.f8d84b
BitDefenderTheta: AI:Packer.3A49B5731C
Cyren: W32/SysVenFak.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Hupigon
APEX: Malicious
Avast: Win32:BHO-MX [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Backdoor.Hupigon.AYPY
NANO-Antivirus: Trojan.Win32.Pigeon1.bxilgg
Tencent: Win32.Trojan.Generic.Eeq
Ad-Aware: Backdoor.Hupigon.AYPY
TACHYON: Trojan/W32.Inject.374784.E
Emsisoft: Backdoor.Hupigon.AYPY (B)
Comodo: Backdoor.Win32.Popwin.~IQ@ogvrk
DrWeb: Trojan.PWS.Qqpass.2940
VIPRE: Trojan.Win32.Packer.NsPacK (ep)
TrendMicro: Mal_Pai-8
McAfee-GW-Edition: Generic Packed.bz.e
Sophos: Mal/Generic-S
Paloalto: generic.ml
eGambit: Trojan.Generic
Avira: TR/Dropper.Gen
Kingsoft: Win32.Troj.Generic.v.(kcloud)
Microsoft: Backdoor:Win32/Hupigon
Arcabit: Backdoor.Hupigon.AYPY
GData: Backdoor.Hupigon.AYPY
Cynet: Malicious (score: 99)
VBA32: BScope.Trojan-Spy.Zbot
ALYac: Backdoor.Hupigon.AYPY
MAX: malware (ai score=81)
TrendMicro-HouseCall: Mal_Pai-8
Rising: Backdoor.Hupigon!1.A04C (CLASSIC)
Yandex: Trojan.Hupigon!cbPCCa/bt3g
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Legendmir.APN!tr
Webroot: W32.Hupigon.DZ
AVG: Win32:BHO-MX [Trj]
Panda: Generic Suspicious
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32:BHO-MX [Trj]?

Win32:BHO-MX [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.