Backdoor:Win32/Hupigon.FC
First posted on 24 March 2019.
Source: Microsoft
Aliases:
Backdoor:Win32/Hupigon.FC is also known as Backdoor.Win32.Hupigon.jmft, Suspicious.Graybird.1.
Explanation:
Backdoor:Win32/Hupigon.FC is a member of Win32/Hupigon - a family of backdoor trojans. A Win32/Hupigon infection typically includes a dropper component (TrojanDropper:Win32/Hupigon) and two to three additional files that the dropper installs. These additional files include Backdoor:Win32/Hupigon, the main backdoor component, and Backdoor:Win32/Hupigon!hook, a stealth component that hides files and processes associated with Win32/Hupigon. The trojan dropper may also install PWS:Win32/Hupigon, a plugin that logs keystrokes and steals passwords. Win32/Hupigon may support other malicious plugins as well.

Installation
When executed, Backdoor:Win32/Hupigon.FC copies itself to the following locations:
%programfiles%kkoany.exe
%programfiles%common filesmicrosoft sharedmsinfokoany.exe
The malware creates the following files on an affected computer:
%programfiles%common filesmicrosoft sharedmsinfo2010.txt
c:autorun.inf
c:koany.exe

Payload
Allows backdoor access and control
Backdoor:Win32/Hupigon.FC allows unauthorized access and control of an affected computer. An attacker can perform any number of different actions on an affected computer using Backdoor:Win32/Hupigon.FC. This could include, but is not limited to, the following actions:
Download and execute arbitrary files
Upload files
Spread to other computers using various methods of propagation
Log keystrokes or steal sensitive data
Modify system settings
Run or terminate applications
Delete files

This malware description was produced and published using our automated analysis system's examination of file SHA1 ec604951bc3f21b69f5a924e8fdcbb0333ab3313.
Last update 24 March 2019