
Backdoor:Win32/Hupigon.FD


First posted on 24 September 2010.
Source: SecurityHome

Aliases :

Backdoor:Win32/Hupigon.FD is also known as BKDR_INJECT.SMJ (Trend Micro), Trojan-GameThief.Win32.Magania.dkay (Kaspersky), Troj/Bckdr-RBI (Sophos).

Explanation :

Backdoor:Win32/Hupigon.FD is a member of Win32/Hupigon - a family of backdoor trojans. A Win32/Hupigon infection typically includes a dropper component (Trojandropper:Win32/Hupigon) and two to three additional files that the dropper installs. These additional files include Backdoor:Win32/Hupigon, the main backdoor component, and Backdoor:Win32/Hupigon!hook, a stealth component that hides files and processes associated with Win32/Hupigon. The trojan dropper may also install PWS:Win32/Hupigon, a plugin that logs keystrokes and steals passwords. Win32/Hupigon may support other malicious plugins as well.

Installation :

Backdoor:Win32/Hupigon.FD creates the following files on an affected computer:

  • <system folder>\inortslka.exe
  • <system folder>\inortslka.exe_lang.ini
  • c:\documents and settings\administrator\local settings\temp\162250_res.tmp

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default location of the System folder is C:\Winnt\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP, Vista, and 7.

The malware uses code injection to hinder detection and removal. When Backdoor:Win32/Hupigon.FD executes, it may inject code into running processes, including, for example, the following:

  • userinit.exe
  • winlogon.exe

Payload :

Allows backdoor access and control

Backdoor:Win32/Hupigon.FD allows unauthorized access to and control of an affected computer. An attacker can perform any number of different actions on an affected computer using Backdoor:Win32/Hupigon.FD. These could include, but are not limited to, the following actions:
  • Download and execute arbitrary files
  • Upload files
  • Spread to other computers using various methods of propagation
  • Log keystrokes or steal sensitive data
  • Modify system settings
  • Run or terminate applications
  • Delete files

This malware description was produced and published using our automated analysis system's examination of file SHA1 c26d1a8534e7add72d4ccd7416a48b2aaad3d81b.
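The indicators this description gives (the two file names dropped into <system folder>, the temp file name, the default System folder locations from the note, and the analysed sample's SHA1) can be turned into a simple hunting check over a file inventory. The script below is an added example written for this page; it is not part of the original description or of any vendor tool. It assumes the inventory is supplied as (path, sha1) records, for instance exported from an endpoint agent, and the SAMPLE_INVENTORY entries are constructed test data, not observations from a real host.

```python
import hashlib

# Indicators taken from the Backdoor:Win32/Hupigon.FD description above.
SYSTEM_FOLDER_DROPS = {"inortslka.exe", "inortslka.exe_lang.ini"}
TEMP_DROP = "162250_res.tmp"
SAMPLE_SHA1 = "c26d1a8534e7add72d4ccd7416a48b2aaad3d81b"
# Default <system folder> locations named in the description's note.
SYSTEM_FOLDERS = {r"c:\windows\system32", r"c:\winnt\system32"}


def _split_path(path):
    """Return (folder, file name), lower-cased, with Windows separators."""
    normalized = path.lower().replace("/", "\\").rstrip("\\")
    folder, _, name = normalized.rpartition("\\")
    return folder, name


def sha1_of_file(path, chunk_size=1 << 20):
    """SHA1 hex digest of a file on disk, read in chunks so large files are fine."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_file(path, sha1=None):
    """Return the list of indicator matches for one (path, sha1) record.

    An empty list means the record matched nothing. A hash match is the
    strongest signal; a dropped file name in the default System folder is
    next; the same name elsewhere is flagged separately as a weaker lead.
    """
    folder, name = _split_path(path)
    hits = []
    if sha1 and sha1.lower() == SAMPLE_SHA1:
        hits.append("sha1:sample")
    if name in SYSTEM_FOLDER_DROPS:
        if folder in SYSTEM_FOLDERS:
            hits.append("path:system-folder-drop")
        else:
            hits.append("name:drop-outside-system-folder")
    if name == TEMP_DROP and folder.endswith("\\temp"):
        hits.append("path:temp-drop")
    return hits


def scan_inventory(records):
    """Map each matching path to its indicator hits.

    `records` is an iterable of (path, sha1_or_None) tuples, e.g. rows from
    an endpoint file-inventory export (assumed format, not a vendor API).
    """
    findings = {}
    for path, sha1 in records:
        hits = match_file(path, sha1)
        if hits:
            findings[path] = hits
    return findings


# Constructed sample inventory for demonstration; not data from a real host.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\inortslka.exe", "c26d1a8534e7add72d4ccd7416a48b2aaad3d81b"),
    (r"C:\Windows\System32\inortslka.exe_lang.ini", None),
    (r"C:\Documents and Settings\Administrator\Local Settings\Temp\162250_res.tmp", None),
    (r"C:\Windows\System32\notepad.exe", "0000000000000000000000000000000000000000"),
    (r"C:\Users\alice\Downloads\inortslka.exe", "1111111111111111111111111111111111111111"),
]

if __name__ == "__main__":
    for path, hits in scan_inventory(SAMPLE_INVENTORY).items():
        print(path, "->", ", ".join(hits))
```

Name-based hits on their own are only leads: a file name is trivial for a variant to change and for an unrelated program to reuse, so treat the SHA1 match as the confirming indicator and the path matches as triage pointers, and pair them with the process-injection behaviour noted above (unexpected code in userinit.exe or winlogon.exe) before acting on a host.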

Last update 24 September 2010
