QQNEWS.EXE – Backdoor Hupigon

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

QQNEWS.EXE – Backdoor Hupigon removal

File MD5 Virus Alias
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Backdoor Hupigon
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Trojan SuspiciousFile
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Trojan Artemis
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Trojan Downloader
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Trojan Comroki
QQNEWS.EXE a1a6ec848f9efbf5057049e94546cb21 Trojan Agent

QQNEWS.EXE size: 60928 bytes
QQNEWS.EXE hash: A1A6EC848F9EFBF5057049E94546CB21

Created files:

%Program Files%\QQNews\QQNews.exe
%Program Files%\svhost.exe
%WinDir%\abaadgfs.exe
%WinDir%\abjjjhfbdsa.exe
%WinDir%\adsagsafds.exe
%WinDir%\agfdsgadf.exe
%WinDir%\Cursors\taskhost.exe
%WinDir%\dsgasdgs.exe
%WinDir%\khjdsfa.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Schedulo\Type: 10010000
HKLM\System\CurrentControlSet\Services\Schedulo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Schedulo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Schedulo\DisplayName: Schedulo
HKLM\System\CurrentControlSet\Services\Schedulo\ImagePath: C:\Windows\Cursors\taskhost.exe Star
HKLM\System\CurrentControlSet\Services\Schedulo\ObjectName: LocalSystem
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: “%Program Files%\QQNews\QQNews.exe” /r  -Software\Microsoft\Wind

Detected by UnHackMe:

QQNEWS.EXE
Default location: %PROGRAM FILES%\QQNEWS\QQNEWS.EXE

Dropper information:
MD5: 220288d788a9151e2f6f01944e5ea7b7
File size: 1222949 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images