UPDATES.EXE – Backdoor Hupigon

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

UPDATES.EXE – Backdoor Hupigon removal

FileMD5Virus Alias
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Backdoor Hupigon
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Trojan SuspiciousFile
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Trojan Generic
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Trojan Dadobra
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Trojan Agent
UPDATES.EXE 1d435407af5fd7ade36bada42db09382 Trojan Delf

UPDATES.EXE size: 134656 bytes
UPDATES.EXE hash: 1D435407AF5FD7ADE36BADA42DB09382

Created files:

%AppData%\Key Folder\hy78.dll
%AppData%\Key Folder\sql2005.dll
%AppData%\Key Folder\updates.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Key: %WinDir%\System32\config\Systemprofile\Application Data\Key Folder\updates.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Key: %WinDir%\System32\config\Systemprofile\Application Data\Key Folder\updates.exe

Detected by UnHackMe:

UPDATES.EXE
Default location: %APPDATA%\KEY FOLDER\UPDATES.EXE

Dropper information:
MD5: 1d435407af5fd7ade36bada42db09382
File size: 134656 bytes

Leave a Reply