Search
Keyword: bkdr_hupigon.cfm
This backdoor arrives as a file that exports the functions of other malware/grayware. It requires its main component to successfully perform its intended routine. Arrival Details This backdoor
This backdoor may be dropped by other malware. Arrival Details This backdoor may be dropped by the following malware: TROJ_ARTIEF.KER Installation This backdoor drops the following files: %system
This backdoor has received attention from independent media sources and/or other security firms. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram
However, as of this writing, the said sites are inaccessible. It connects to a website to send and receive information. Arrival Details However, as of this writing, the said sites are inaccessible.
This backdoor opens a hidden Internet Explorer window. Other Details This backdoor connects to the following possibly malicious URL: http://{malware file name}{7 random characters}/ It opens a hidden
This backdoor may be dropped by other malware. It arrives as a component bundled with malware/grayware packages. It opens random ports. It saves downloaded files into certain folders. It requires its
This backdoor may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. Arrival Details This backdoor
Upon execution, this backdoor terminates certain processes. This backdoor may be dropped by other malware. It deletes itself after execution. Arrival Details This backdoor may be dropped by the
This backdoor monitors the browsing activities of the user and logs keystroke when the user is accessing sites with certain strings. This backdoor arrives on a system as a file dropped by other
This backdoor may be dropped by other malware. Arrival Details This backdoor may be dropped by other malware. Other System Modifications This backdoor adds the following registry keys:
This backdoor has received attention from independent media sources and/or other security firms. This backdoor opens a hidden Internet Explorer window. It logs a user's keystrokes to steal
This backdoor may be dropped by other malware. Arrival Details This backdoor may be dropped by other malware. Installation This backdoor drops the following copies of itself into the affected system:
This backdoor connects to a website to send and receive information. Backdoor Routine This backdoor connects to the following websites to send and receive information: http://{BLOCKED
This backdoor initially queries certain registry entries to check if the system is running under a proxy server. Otherwise, without a proxy server, the malware will just keep on attempting to resolve
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. Arrival Details This backdoor may be
This backdoor may be dropped by other malware. It deletes itself after execution. Arrival Details This backdoor may be dropped by the following malware: TROJ_ADOBFP.SM Installation This backdoor
It monitors user activities and records messages posted to the system message queue which may include keystrokes to steal user information such as username and password. This backdoor may be dropped
It did not exhibit information theft routines during testing. It has no rootkit capabilities. It executes commands from a remote malicious user, effectively compromising the affected system. This
It is an encrypted configuration file that is used by the WORM_QAKBOT family. Once decrypted, it contains the following: reference to the components and their corresponding random file names in the