BINDOK.EXE – Backdoor Hupigon

BINDOK.EXE – Backdoor Hupigon removal

| File | MD5 | Virus Alias |
|------|-----|-------------|
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Backdoor Hupigon |
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Trojan Genome |
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Trojan Eldorado |
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Trojan Downloader |
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Trojan CI |
| BINDOK.EXE | 553dc4f5e7ab449290a62bbab383bf4d | Worm Autorun |

BINDOK.EXE size: 88576 bytes
BINDOK.EXE hash: 553DC4F5E7AB449290A62BBAB383BF4D

Created files:

C:\misc.sys
%SysDir%\actmov.exe
%TEMP%\Bindok.exe
%TEMP%\IXP000.TMP\nod1.exe
%TEMP%\IXP000.TMP\SDT56218.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\Type: 01000000
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\Start: 03000000
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\DisplayName: ReStoreSdtSvc
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\ImagePath: C:\misc.sys
HKLM\System\CurrentControlSet\Services\Windowsactmov\Type: 10010000
HKLM\System\CurrentControlSet\Services\Windowsactmov\Start: 02000000
HKLM\System\CurrentControlSet\Services\Windowsactmov\DisplayName: Performance Logs and Ale
HKLM\System\CurrentControlSet\Services\Windowsactmov\ImagePath: %WinDir%\System32\actmov.exe

Detected by UnHackMe:

BINDOK.EXE
Default location: %TEMP%\BINDOK.EXE

Dropper information:
MD5: 16216c8dbd358031dbdee98fb1960c68
File size: 1272124 bytes
