Virus:TR/Buzus.iij
Type:Trojan
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:565,248 Bytes
MD5 checksum:1C1D8C231799D9BA5E983D5D23648459
VDF version:7.00.04.159
IVDF version:7.00.04.162 - Monday, June 9, 2008

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Backdoor.Win32.Hupigon.cmgp
   •  Bitdefender: Trojan.Delf.Inject.Z


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Steals information
   • Third party control

Files
It copies itself to the following location:
   • %WINDIR%\temote.exe



It deletes the initially executed copy of itself.

Registry
The following registry key is added in order to load the service after reboot:

– [HKLM\System\CurrentControlSet\Services\Fast Compatibi\ImagePath]
   • "%WINDIR%\temote.exe"

Backdoor
Contact server:
   • xs12.3322.org:8000

As a result, the remote operator gains control of the infected host.

Injection
It injects itself into a process.

    Process name:
   • svchost.exe


File details
Programming language:
The malware program was written in Delphi.


Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer. The MD5 checksum listed above therefore identifies only this packed sample; a repacked variant drops the same file and service name but has a different hash.
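The file, registry, backdoor and injection artefacts above translate directly into a host triage check. The script below is an added example and is not part of the Avira description: it looks for the dropped file and compares its MD5 with the one in the header, checks the "Fast Compatibi" service key and its ImagePath, scans the TCP table for connections to port 8000 and flags any owned by svchost.exe (the process this sample injects into), and searches the local DNS cache for the 3322.org dynamic-DNS name instead of resolving it from the suspect host. The function names, the netstat parsing and the svchost heuristic are my own assumptions, not anything the page states.

```powershell
# Added triage script for the TR/Buzus.iij indicators listed on this page.
# Not part of the Avira description; run from an elevated PowerShell prompt.
# Everything marked "assumption" below is mine, not the page's.

$Ioc = @{
    DropPath    = Join-Path $env:WINDIR 'temote.exe'      # "Files" section
    Md5         = '1C1D8C231799D9BA5E983D5D23648459'      # header MD5 of this sample
    ServiceName = 'Fast Compatibi'                        # "Registry" section, as printed
    C2Pattern   = '3322\.org'                             # "Backdoor": xs12.3322.org
    C2Port      = 8000
}

# MD5 through .NET rather than Get-FileHash, which only exists from PowerShell 4.0.
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $fs.Close() }
}

function Test-DroppedFile {
    if (-not (Test-Path -LiteralPath $Ioc.DropPath)) { return }
    $h = Get-Md5Hex $Ioc.DropPath
    [pscustomobject]@{
        Indicator  = 'file'; Path = $Ioc.DropPath; Md5 = $h
        ExactMatch = ($h -ieq $Ioc.Md5)   # a repacked variant keeps the path, not the hash
    }
}

function Test-ServiceKey {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Ioc.ServiceName)"
    if (-not (Test-Path -LiteralPath $key)) { return }
    $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
    [pscustomobject]@{
        Indicator       = 'service'; Key = $key; ImagePath = $img
        PointsAtDropper = ($img -ne $null -and $img -like '*\temote.exe*')
    }
}

# netstat output is parsed (assumption: the classic "Proto Local Foreign State PID"
# layout) so the same check runs on the XP/2003-era hosts this sample targets.
function Test-C2Connection {
    netstat -ano | ForEach-Object {
        $f = @($_ -split '\s+' | Where-Object { $_ })   # drop empty tokens
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[2] -like "*:$($Ioc.C2Port)") {
            $proc = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Indicator    = 'network'; Remote = $f[2]; State = $f[3]; Pid = $f[4]
                Process      = if ($proc) { $proc.Name } else { '<exited>' }
                # Port 8000 on its own is weak evidence; an svchost.exe owning the socket
                # matches the injection behaviour described above (heuristic, assumption).
                SvchostOwned = [bool]($proc -and $proc.Name -ieq 'svchost')
            }
        }
    }
}

# Do not resolve the C2 name from the suspect host (that itself generates traffic
# to the attacker's infrastructure); inspect what the host has already resolved.
function Test-DnsCache {
    ipconfig /displaydns | Select-String -Pattern $Ioc.C2Pattern | ForEach-Object {
        [pscustomobject]@{ Indicator = 'dns-cache'; Entry = $_.Line.Trim() }
    }
}

$hits = @(Test-DroppedFile) + @(Test-ServiceKey) + @(Test-C2Connection) + @(Test-DnsCache)
if ($hits.Count -eq 0) { 'No TR/Buzus.iij indicators found on this host.' }
else { $hits | Format-List }
```

Treat a hit on the service key or the dropped file as confirmation even when the MD5 does not match, since the runtime packer makes the hash the least stable of these indicators; the network and DNS checks are supporting evidence only, because port 8000 and dynamic-DNS names are also used legitimately.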

Description inserted by Irina Diaconescu on Monday, January 5, 2009
Description updated by Andrei Gherman on Tuesday, January 6, 2009
