Win32/Hupigon [Threat Name]

Win32/Hupigon.NTV [Threat Variant Name]

Category trojan
Size 374272 B
Aliases Backdoor.Win32.Hupigon.bbhx (Kaspersky)
  Backdoor:Win32/Hupigon.FI (Microsoft)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


When executed, the trojan copies itself into the following location:

  • %windir%\

The trojan registers itself as a system service using the following name:

  • windows

This causes the trojan to be executed on every system start.

The trojan launches the following processes:

  • %systemdrive%\Program Files\Internet Explorer\IEXPLORE.EXE

The trojan creates and runs a new thread with its own code within these running processes.

After the installation is complete, the trojan deletes the original executable file.
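The installation behaviour above can be hunted for in endpoint logs. The following is an added example, not part of the original description: it assumes events shaped like Windows System event 7045 (service installed) and Sysmon event 1 (process creation), supplied in time order, and assumes the parent recorded for IEXPLORE.EXE is the service binary. The hosts and the file name sample.exe are constructed placeholders.

```python
import ntpath

# Constructed sample events (not from the page). Field names follow Windows
# System event 7045 (service installed) and Sysmon event 1 (process creation).
EVENTS = [
    {"id": 7045, "host": "PC-01", "ServiceName": "windows",
     "ImagePath": r"C:\Windows\sample.exe"},          # placeholder file name
    {"id": 7045, "host": "PC-02", "ServiceName": "Windows Update Helper",
     "ImagePath": r"C:\Program Files\Vendor\helper.exe"},
    {"id": 1, "host": "PC-01",
     "Image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "ParentImage": r"C:\Windows\sample.exe"},
    {"id": 1, "host": "PC-02",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

IE_PATH = r"\program files\internet explorer\iexplore.exe"

def norm(path):
    """Lower-case and normalise a Windows path, dropping quotes and the drive."""
    p = ntpath.normpath(path.strip().strip('"')).lower()
    return ntpath.splitdrive(p)[1]

def hunt(events, windir=r"C:\Windows"):
    """Return (host, reason) findings for the install pattern described above."""
    win = norm(windir)
    services = {}   # host -> image paths of services registered as "windows"
    findings = []
    for ev in events:
        if ev["id"] == 7045 and ev["ServiceName"].strip().lower() == "windows":
            image = norm(ev["ImagePath"])
            services.setdefault(ev["host"], set()).add(image)
            where = "in %windir%" if ntpath.dirname(image) == win else "outside %windir%"
            findings.append((ev["host"], f"service 'windows' installed, binary {where}"))
        elif ev["id"] == 1 and norm(ev["Image"]) == IE_PATH:
            # Only flag IEXPLORE.EXE when its parent is a flagged service binary.
            if norm(ev["ParentImage"]) in services.get(ev["host"], ()):
                findings.append((ev["host"], "IEXPLORE.EXE started by the 'windows' service binary"))
    return findings

if __name__ == "__main__":
    for host, reason in hunt(EVENTS):
        print(host, "-", reason)
```

Because the trojan deletes its original executable after installation, the findings point at the copy registered as the service, not at the file that was first run.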

Information stealing

The trojan collects the following information:

  • operating system version
  • computer name
  • CPU information
  • memory status
  • user name
  • the path to specific folders
  • current screen resolution

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL address. The TCP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • execute shell commands
  • update itself to a newer version
  • send files to a remote computer
  • capture screenshots
  • capture webcam video/voice
  • send the list of running processes to a remote computer
  • terminate running processes
  • send the list of disk devices and their type to a remote computer
  • send the list of files on a specific drive to a remote computer
  • open ports
  • set up a proxy server
  • delete folders
  • create folders
  • move files
  • delete files
  • create Registry entries
  • delete Registry entries
  • steal information from the Windows clipboard
  • start/stop services
  • shut down/restart the computer
  • log off the current user
