W32.hupigon virus
It is very rare for a Hupigon variant to be smaller than kB. When the backdoor's file is started, it copies itself as a file named something similar to "Hacker.
Hupigon variants have several different types of features. The following list is an example of some:

Hupigon doesn't have any automatic mechanisms to spread itself. Hupigon variants are created using kit software. The kit is maintained in a very professional fashion with a highly developed User Interface (UI). There is also a "rootkit" option available. The kit has default settings to create mutexes.
Many Hupigon variants therefore create mutexes in the following format:

Summary
A remote administration tool (RAT) that bypasses the security features of a program, computer or network to give unauthorized access or control to its user.

Removal
Automatic action: Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
The following Microsoft products detect and remove this threat:

It creates the following registry entries so that the DLL file automatically runs every time Windows starts:

Allows backdoor access and control. FN connects to a remote server to receive instructions from an attacker. It connects to the server located in " 8. The commands it receives include, but are not limited to:
Analysis by Horea Coroiu. DLL file to contain the main malware files. It will also create a copy of itself in the setuplog. After execution, an additional created uninstal. Once installed, the backdoor program first attempts to connect to a remote server, to notify the malware author that an infection has taken place. If successfully connected, it then incrementally scans one port after another on the host machine to find an open one that would allow a remote user to connect to the infected system.
Once a remote user has gained access, any of the following actions can be performed on the infected system: