SYS.EXE – Backdoor Hupigon

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SYS.EXE – Backdoor Hupigon removal

FileMD5Virus Alias
SYS.EXE 63e8d5647bfef8d259d1f5a3e4ff2401 Backdoor Hupigon
SYS.EXE 63e8d5647bfef8d259d1f5a3e4ff2401 Trojan Eldorado
SYS.EXE 63e8d5647bfef8d259d1f5a3e4ff2401 Backdoor Pigeon
SYS.EXE 63e8d5647bfef8d259d1f5a3e4ff2401 Trojan Delf
SYS.EXE 63e8d5647bfef8d259d1f5a3e4ff2401 Trojan Banker

SYS.EXE size: 393728 bytes
SYS.EXE hash: 63E8D5647BFEF8D259D1F5A3E4FF2401

Created files:

%WinDir%\love.exe
%WinDir%\sys.exe
%SysDir%\love.exe
%SysDir%\LOVEHKS.DLL
%TEMP%\tmp2B.exe
%TEMP%\tmp2D.exe
%TEMP%\tmp2F.exe
%WinDir%\wint.DLL
%WinDir%\wint.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\Type: 10010000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\Start: 02000000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\DisplayName: LOVE Service
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\ImagePath: “%WinDir%\System32\love.exe” /service
HKLM\System\CurrentControlSet\Services\wint\Type: 10010000
HKLM\System\CurrentControlSet\Services\wint\Start: 02000000
HKLM\System\CurrentControlSet\Services\wint\DisplayName: win_t
HKLM\System\CurrentControlSet\Services\wint\ImagePath: %WinDir%\wint.exe

Detected by UnHackMe:

SYS.EXE
Default location: %WinDir%\SYS.EXE

Dropper information:
MD5: 217ba9217d5e110b6ca9a1f5830e4448
File size: 600148 bytes

Leave a Reply