English
Deutsch
Francais
Español
Italian
Home
Virus Info
BDS/Hupigon.cia
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
BDS/Hupigon.cia - Backdoor Server
In alte limbi
Scurta descriere
Descriere completa
Statistici
How would you rate this information?
Worthless
Excellent
Nume:
BDS/Hupigon.cia
Descoperit pe data de:
12/09/2006
Tip:
Backdoor Server
ITW:
Nu
Numar infectii raportate:
Scazut
Potential de raspandire:
Scazut
Potential de distrugere:
Mediu
Fisier static:
Da
Marime:
393.728 Bytes
MD5:
d74c79a4c815e086a1b90033988cea3b
Versiune VDF:
6.35.01.215
Versiune IVDF:
6.35.01.219
General
Metoda de raspandire:
• Nu are rutina proprie de raspandire
Alias:
• Mcafee: BackDoor-AWQ
• Kaspersky: Backdoor.Win32.Hupigon.cia
• TrendMicro: BKDR_HUPIGON.BMI
• F-Secure: Backdoor.Win32.Hupigon.cia
• Eset: Win32/Hupigon.CIA
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza fisiere
• Modificari in registri
• Posibilitatea accesului neautorizat la computer
Fisiere
Se copiaza in urmatoarea locatie:
•
%WINDIR%
\Hacker.com
Sterge copia initiala a virusului.
Sunt create fisierele:
–
%WINDIR%
\uninstal.bat Fisierul este executat dupa ce a fost creat. Fisierul batch este folosit pentru stergerea unui fisier.
–
%SYSDIR%
\SVKP.sys
Registrii sistemului
Urmatoarele chei sunt adaugate in registri pentru a incarca serviciile la repornirea sistemului:
– [HKLM\SYSTEM\CurrentControlSet\Services\SVKP]
• "Type"=dword:00000001
• "Start"=dword:00000002
• "ErrorControl"=dword:00000001
• "ImagePath"="\??\
%SYSDIR%
\SVKP.sys"
• "DisplayName"="SVKP"
– [HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security]
• "Security"=
%valori hex%
– [HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum]
• "0"="Root\\LEGACY_SVKP\\0000"
• "Count"=dword:00000001
• "NextInstance"=dword:00000001
– [HKLM\SYSTEM\CurrentControlSet\Services\Hacker.com]
• "Type"=dword:00000110
• "Start"=dword:00000002
• "ErrorControl"=dword:00000000
• "ImagePath"="
%WINDIR%
\Hacker.com"
• "DisplayName"="Hacker.com"
• "ObjectName"="LocalSystem"
• "Description"="·þÎñ¶Ë³ÌÐò"
– [HKLM\SYSTEM\CurrentControlSet\Services\Hacker.com\Security]
• "Security"=
%valori hex%
– [HKLM\SYSTEM\CurrentControlSet\Services\Hacker.com\Enum]
• "0"="Root\\LEGACY_HACKER.COM\\0000"
• "Count"=dword:00000001
• "NextInstance"=dword:00000001
Backdoor
Servere contactate:
Urmatorul:
• mule63.3322.**********:8000
Astfel se pot transmite informatii si se poate obtine control la distanta.
Injectarea codului malware in alte procese
– Se injecteaza intr-un proces.
Numele procesului:
• iexplore.exe
Detaliile fisierului
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit urmatorul program de arhivare:
• SVKP
Pentru o descriere scurta click
aici
.
Descriere introdusa de Adriana Popa la Tue, 10 Oct 2006 15:59 (GMT+1)
Descriere actualizata de Adriana Popa la Wed, 11 Oct 2006 11:25 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
Worm/Bagle.FJ
W32/Elkern.C
Worm/Mytob.DH
Worm/Mytob.CR
Worm/Netsky.D.Dam
TR/Dldr.Agent.aizj
JS/Dldr.Small.CR.2
TR/Dldr.Agent.XAE
JS/Dldr.Agent.bbt
HTML/IFrame.800
Get comfortable up to the minute info from Avira as
Detects and removes the following malware and its variants:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
TR/Spy.Banker.AATZ
TR/Spy.Banker.AATZ.1
TR/Spy.Banker.AATZ.2
TR/Spy.Banker.AATZ.3
Download here
Click
here
to get the panel...
© 2008 Avira GmbH
Copyright
Privacy
Sitemap
Feedback
Imprint
FAQ
Contact
Virus Info BDS/Hupigon.cia
Print this page
.gif)
