QQNEWS.EXE – Backdoor Hupigon removal

QQNEWS.EXE size: 60928 bytes
QQNEWS.EXE hash: 80866C93C153531540CCBE92A87AECD7

Created files:

%Program Files%\QQNews\QQNews.exe
%Temporary Internet Files%\Content.IE5\1HVEIEYW\background_gradient[1]
%Temporary Internet Files%\Content.IE5\1HVEIEYW\dnserrordiagoff_webOC[1]
%Temporary Internet Files%\Content.IE5\1HVEIEYW\ErrorPageTemplate[1]
%Temporary Internet Files%\Content.IE5\1HVEIEYW\info_48[1]
%Temporary Internet Files%\Content.IE5\8OZFYSFM\dnserrordiagoff_webOC[1]
%Temporary Internet Files%\Content.IE5\8OZFYSFM\errorPageStrings[1]
%Temporary Internet Files%\Content.IE5\8OZFYSFM\info_48[1]
%Temporary Internet Files%\Content.IE5\9ZXDM8KN\background_gradient[1]
%Temporary Internet Files%\Content.IE5\9ZXDM8KN\errorPageStrings[1]
%Temporary Internet Files%\Content.IE5\9ZXDM8KN\httpErrorPagesScripts[1]
%Temporary Internet Files%\Content.IE5\M3TXLF4P\bullet[1]
%Temporary Internet Files%\Content.IE5\M3TXLF4P\ErrorPageTemplate[1]
%Temporary Internet Files%\Content.IE5\M3TXLF4P\httpErrorPagesScripts[1]

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: “%Program Files%\QQNews\QQNews.exe” /r?
DC:\Program F

Detected by UnHackMe:

QQNEWS.EXE
Default location: %PROGRAM FILES%\QQNEWS\QQNEWS.EXE

Dropper information:
MD5: 80866c93c153531540ccbe92a87aecd7
File size: 60928 bytes