Backdoor:Win32/Hupigon.gen!B
First posted on 09 February 2009.
Source: SecurityHome
Aliases:
Backdoor:Win32/Hupigon.gen!B is also known as Mal/GrayBird-B (Sophos), Backdoor.Hupigon.AYPE (BitDefender), Backdoor.Win32.Hupigon.eqvw (Kaspersky), BackDoor-AWQ.b (McAfee), Backdoor.Graybird (Symantec).
Explanation:
Backdoor:Win32/Hupigon.gen!B is a generic detection for variants of the Win32/Hupigon family.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
Installation
Backdoor:Win32/Hupigon.gen!B drops its executable component in a preset folder in the system, which includes but is not limited to the following:
%windir%
%ProgramFiles%
<system folder>
It installs a system service so that its dropped executable runs every time Windows starts. It runs its dropped executable, and deletes its currently-running copy.
Payload
Backdoor Functionality
When Internet Explorer is launched, Backdoor:Win32/Hupigon.gen!B injects its code into the browser process, connects back to the remote attacker to report successful infection of the system, and waits for further commands. It is capable of performing various actions, such as the following:
Access files and the system registry
Start or terminate a process
Shut down or reboot computer
Log keystrokes
Capture screen and webcam snapshots
Steal stored passwords and credentials
Drop a Rootkit Component
Certain samples of Backdoor:Win32/Hupigon.gen!B may drop a rootkit component to hide its files, registry entries, and processes.
Analysis by Shawn Wang
Last update 09 February 2009