Backdoor:Win32/Hupigon.EC
First posted on 06 March 2019.
Source: Microsoft
Aliases :
Backdoor:Win32/Hupigon.EC is also known as Trj/Thed.A, Mal/Behav-374, BKDR_HUPIGO.SMX.
Explanation :
Backdoor:Win32/Hupigon.EC is a component of Win32/Hupigon, a family of backdoor Trojans. The malware connects to remote websites to send infection notification messages.

Installation

Backdoor:Win32/Hupigon.EC copies itself to the computer using any of the following file names:

_backupuser.exe
_msbackup.exe
_recycled.scr
autodialer.exe
backupuser.exe
msbackup.exe
ntprint.exe
recycled.scr
svcfwwm.exe

Backdoor:Win32/Hupigon.EC also injects its code into a running copy of Internet Explorer when run.

Payload

Connects to a remote website

Backdoor:Win32/Hupigon.EC tries to connect to different remote websites to send notification that it has infected the computer. The domain name of the site may vary according to the following format:

mysguser .okebox.com
ttos .okebox.com

For example:

mysguser8675.okebox.com
mysguser8680.okebox.com
ttos019101.okebox.com
ttos019102.okebox.com

Analysis by Jireh Sanico
Last update 06 March 2019
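An added example (not part of the original write-up, and not Microsoft's code) that grades endpoints by matching DNS queries and file-creation events against the file names and notification hosts listed above. It assumes the variable part of each host name is a run of digits, as in the listed examples; the event format, endpoint names and paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# File names the write-up lists for the dropped copy (Windows names are case-insensitive).
DROP_NAMES = {
    "_backupuser.exe", "_msbackup.exe", "_recycled.scr", "autodialer.exe",
    "backupuser.exe", "msbackup.exe", "ntprint.exe", "recycled.scr", "svcfwwm.exe",
}

# Assumption: the variable part of the label is digits only, as in the listed examples.
NOTIFY_HOST = re.compile(r"(?:mysguser|ttos)[0-9]+\.okebox\.com")


def is_notify_host(qname: str) -> bool:
    """True if a DNS query name fits the notification-host pattern exactly."""
    # Normalise case and the trailing root dot; fullmatch rejects names that merely
    # contain the pattern, e.g. as a prefix of an unrelated domain.
    return NOTIFY_HOST.fullmatch(qname.strip().rstrip(".").lower()) is not None


def is_drop_name(path: str) -> bool:
    """True if the file's base name is one of the listed copy names."""
    return PureWindowsPath(path).name.lower() in DROP_NAMES


def triage(events):
    """Group hits per endpoint and grade them: a file name alone is only a weak hint."""
    hits = {}
    for ev in events:
        if ev["kind"] == "dns" and is_notify_host(ev["value"]):
            hits.setdefault(ev["host"], set()).add("dns")
        elif ev["kind"] == "file" and is_drop_name(ev["value"]):
            hits.setdefault(ev["host"], set()).add("file")
    grade = {frozenset({"dns", "file"}): "high", frozenset({"dns"}): "medium",
             frozenset({"file"}): "low"}
    return {host: grade[frozenset(kinds)] for host, kinds in hits.items()}


# Constructed sample events (endpoint names and paths are made up for illustration).
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "dns", "value": "ttos019101.okebox.com"},
    {"host": "ws-01", "kind": "file", "value": r"C:\Temp\svcfwwm.exe"},
    {"host": "ws-02", "kind": "file", "value": r"C:\Tools\AutoDialer.exe"},
    {"host": "ws-03", "kind": "dns", "value": "MYSGUSER8680.okebox.com."},
    {"host": "ws-04", "kind": "dns", "value": "www.okebox.com"},
    {"host": "ws-04", "kind": "dns", "value": "mysguser8675.okebox.com.example.net"},
]

if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, level)
```

An endpoint that shows both a listed file name and a matching DNS query is graded highest; a file name on its own is graded low because the match is on the base name only.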