Win32/Huhk [Threat Name]

Win32/Huhk.C [Threat Variant Name]

Category: virus
Size: 7005 B
Detection created: Jun 04, 2009
Detection database version: 4129
Aliases: Worm.Win32.Huhk.d (Kaspersky)
  Virus:Win32/Huhk.7005 (Microsoft)
  W32.Huhk.A (Symantec)

Short description

Win32/Huhk.C is a file infector.

Installation

The virus creates copies of the following files (source, destination):

  • %windir%\explorer.exe, %temp%\lorer.exe
  • %windir%\explorer.exe, %system%\dllcache\explorer.exe

File infection

Win32/Huhk.C is a file infector.


It infects the following files:

  • %windir%\explorer.exe
  • %system%\dllcache\explorer.exe

The virus infects executables accessed by "explorer.exe".


The virus infects files with the following extensions:

  • .exe

It also infects files stored on removable and network drives.


The host file is modified in a way that causes the virus to be executed prior to running the original code. The size of the inserted code is 7005 B.


The virus avoids infecting files which contain one of the following strings in their file name:

  • aspack.exe
  • eghost.exe
  • firefox.exe
  • icesword.exe
  • iexplore.exe
  • iparmor.exe
  • iris.exe
  • kav32.exe
  • kavpfw.exe
  • kavsvc.exe
  • kavsvcui.exe
  • kvfw.exe
  • kvmonxp.kxp
  • kvsrvxp.exe
  • kvwsc.exe
  • kvxp.kvxp.kxp
  • kwatchui.exe
  • mailmon.exe
  • navapsvc.exe
  • navapw32.exe
  • navw32.exe
  • nmain.exe
  • pfw.exe
  • qq.exe
  • rav.exe
  • ravmon.exe
  • ravmon.exe
  • ravmond.exe
  • ravtimer.exe
  • ravtimer.exe
  • readbook.exe
  • rising.exe
  • thguard.exe
  • trojanhunter.exe

If a folder name matches one of the following strings, files inside it are not infected:

  • dllcache
  • system
  • system32
  • windows
  • winnt
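
As an added triage example (not ESET's code and not taken from the malware), the Python code below applies the file-name and folder exclusions listed above to decide which files fall inside the described infection scope, then flags in-scope files whose size changed against a known-good manifest. The manifest format, the function names, case-insensitive matching, counting any folder in the path, and treating growth of exactly 7005 B as the strongest signal are assumptions. The two explorer.exe copies named above are infected regardless of their folders and should always be checked separately.

```python
from pathlib import PureWindowsPath

INSERTED_SIZE = 7005  # bytes of inserted code, per the description

# File-name strings and folder names the virus skips, copied from the lists above.
SKIP_NAME_PARTS = """aspack.exe eghost.exe firefox.exe icesword.exe iexplore.exe
iparmor.exe iris.exe kav32.exe kavpfw.exe kavsvc.exe kavsvcui.exe kvfw.exe
kvmonxp.kxp kvsrvxp.exe kvwsc.exe kvxp.kvxp.kxp kwatchui.exe mailmon.exe
navapsvc.exe navapw32.exe navw32.exe nmain.exe pfw.exe qq.exe rav.exe ravmon.exe
ravmond.exe ravtimer.exe readbook.exe rising.exe thguard.exe
trojanhunter.exe""".split()
SKIP_FOLDERS = {"dllcache", "system", "system32", "windows", "winnt"}


def in_scope(path):
    """True if the description puts this file within the infection scope.

    Assumptions: matching is case-insensitive and any folder in the path counts.
    """
    p = PureWindowsPath(path.lower())
    if p.suffix != ".exe":
        return False
    if any(s in p.name for s in SKIP_NAME_PARTS):  # "contains", not "equals"
        return False
    return not any(folder in SKIP_FOLDERS for folder in p.parts[:-1])


def triage(baseline, current):
    """Return (path, size_delta, note) for in-scope files whose size changed."""
    findings = []
    for path, size in sorted(current.items()):
        old = baseline.get(path)
        if old is None or size == old or not in_scope(path):
            continue
        delta = size - old
        note = "matches inserted code size" if delta == INSERTED_SIZE else "size changed"
        findings.append((path, delta, note))
    return findings


# Constructed sample manifests (path -> size in bytes), not real data.
BASELINE = {r"E:\tools\putty.exe": 454656, r"E:\tools\firefox.exe": 307712,
            r"E:\system32\calc.exe": 114688, r"\\srv\share\apps\setup.exe": 90112}
CURRENT = {r"E:\tools\putty.exe": 461661, r"E:\tools\firefox.exe": 307712,
           r"E:\system32\calc.exe": 121693, r"\\srv\share\apps\setup.exe": 90200}

if __name__ == "__main__":
    for finding in triage(BASELINE, CURRENT):
        print(finding)
```

Files outside the scope can still have been modified by something else, so a changed size there (such as the constructed calc.exe entry) deserves its own investigation.
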
Other information

The virus acquires data and commands from a remote computer or the Internet.


The virus contains a list of 2 URLs. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

The virus hooks the following Windows APIs:

  • connect (ws2_32.dll)
  • CreateProcessW (kernel32.dll)
