Name: BDS/Hupigon.BO
Discovered on: 02/08/2005
Type: Backdoor Server
ITW: No
Number of reported infections: Low
Spreading potential: Low
Damage potential: Low to medium
Static file: Yes
Size: 347,272 Bytes
MD5: b5ca37ed32410574fbc5fa1aca343259
VDF version: 6.31.1.2

General

Method of propagation:
• Has no spreading routine of its own

Aliases:
• Symantec: Backdoor.Graybird.K
• Mcafee: BackDoor-ARR.svr
• Kaspersky: Backdoor.Win32.Hupigon.bo
• VirusBuster: Backdoor.Hupigon.AB!AU
• Bitdefender: Backdoor.Hupigon.BO

Operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP

Side effects:
• Registry modifications
• Steals information
• Possibility of unauthorized access to the computer

Files

Copies itself to the following location:
• %SYSDIR%\Vrwx.exe

Deletes the initial copy of the virus.

The following file is created:
– %SYSDIR%\Deleteme.bat

The file is executed after it has been created.

System registry

The following keys are added to the registry in order to load the service when the system is restarted:

– [HKLM\SYSTEM\CurrentControlSet\Services\Videorwx]
• "Type"=dword:00000110
• "Start"=dword:00000002
• "ErrorControl"=dword:00000000
• "DisplayName"="Windows Video"
• "ObjectName"="LocalSystem"
• "Description"="ΪϵͳÌṩ±ØÒªµÄ·þÎñ"

– [HKLM\SYSTEM\CurrentControlSet\Services\Videorwx\Security]
• "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

– [HKLM\SYSTEM\CurrentControlSet\Services\Videorwx]
• "ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,56,00,72,00,77,\
00,78,00,2e,00,65,00,78,00,65,00,20,00,2d,00,4e,00,65,00,74,00,53,00,61,00,\
74,00,61,00,00,00

Backdoor

Opens the following ports:
– %executed file% on TCP port 1983 to provide backdoor functionality.
– %executed file% on UDP port 1981 to provide backdoor functionality.

Other information

Mutex:
Creates the following mutex:
• eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0

File details

Programming language:
The programming language used is Delphi.

File compression:
To make detection harder and to reduce the file size, a runtime packer is used.
Description inserted by Victor Tone on Tuesday, August 2, 2005. Description updated by Victor Tone on Friday, August 26, 2005.