Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects Backdoor Hugly activity on the compromised computer.
Additional Information
When the Trojan is executed, it creates a mutex to ensure it is the only copy of itself running on the compromised computer.
Then it drops and executes the following files:
%ProgramFiles%\[CHINESE CHARACTERS].hwp
%ProgramFiles%\Common Files\config.exe
Next, the Trojan injects code into the following file before executing it:
calc.exe
The Trojan then deletes the following file:
%CurrentFolder%\[SAMPLE_NAME].exe
It then drops the following file:
%ProgramFiles%\Windows NT\hyper.dll
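The sequence above can be matched against endpoint telemetry by correlating the dropped paths with the process that wrote them. This is an added example, not part of the original write-up or the vendor's signature; the event schema (type, image, target), the function name and all sample events are assumptions constructed for illustration.

```python
import re

# %ProgramFiles% can expand to either directory; Windows paths are case-insensitive.
PF = r"^[a-z]:\\program files(?: \(x86\))?\\"
FILE_RULES = {
    "hwp_in_program_files_root": re.compile(PF + r"[^\\]+\.hwp$"),
    "config_exe_in_common_files": re.compile(PF + r"common files\\config\.exe$"),
    "hyper_dll_in_windows_nt": re.compile(PF + r"windows nt\\hyper\.dll$"),
}

def match_behaviour(events):
    """Return the behaviours from the write-up found in time-ordered events.

    Event fields (hypothetical schema): type, image (acting process), target.
    """
    hits, droppers = set(), set()
    for ev in events:
        image, target = ev["image"].lower(), ev["target"].lower()
        if ev["type"] == "file_create":
            for name, rule in FILE_RULES.items():
                if rule.search(target):
                    hits.add(name)
                    droppers.add(image)  # remember which process wrote the file
        elif ev["type"] == "process_start":
            # calc.exe launched by a process that wrote one of the listed files
            if image in droppers and target.endswith("\\calc.exe"):
                hits.add("calc_started_by_dropper")
        elif ev["type"] == "file_delete" and target in droppers:
            hits.add("dropper_image_deleted")  # the original sample was removed
    return hits

# Constructed events. The write-up does not say which process deletes the
# sample or drops hyper.dll, so those actors are made up; the rules ignore them.
SAMPLE = r"C:\Users\u\Downloads\sample.exe"
CALC = r"C:\Windows\System32\calc.exe"
INFECTED = [
    {"type": "file_create", "image": SAMPLE, "target": "C:\\Program Files\\\u6587\u6863.hwp"},
    {"type": "file_create", "image": SAMPLE, "target": r"C:\Program Files\Common Files\config.exe"},
    {"type": "process_start", "image": SAMPLE, "target": CALC},
    {"type": "file_delete", "image": CALC, "target": SAMPLE},
    {"type": "file_create", "image": CALC, "target": r"C:\Program Files\Windows NT\hyper.dll"},
]
BENIGN = [  # ordinary calculator launch and a document saved outside Program Files
    {"type": "process_start", "image": r"C:\Windows\explorer.exe", "target": CALC},
    {"type": "file_create", "image": r"C:\Apps\editor.exe", "target": r"C:\Users\u\Documents\report.hwp"},
]

if __name__ == "__main__":
    print(sorted(match_behaviour(INFECTED)))
    print(sorted(match_behaviour(BENIGN)))
```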
Affected
- Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP