Backdoor:Win32/Hupigon

Backdoor:Win32/Hupigon. This is the main backdoor component of Win32/Hupigon. TrojanDropper:Win32/Hupigon registers this component as a service. The service opens a backdoor server that allows other computers to connect to and control the infected computer in various ways. Backdoor:Win32/Hupigon connects to a specified Web site to notify the attacker of the infection. This backdoor component may have other functionality, such as the ability to host a telnet server and the means to connect to a video source such as a Web cam to spy on the user using Windows API functions for audio-video interleave (AVI) capture.

Backdoor:Win32/Hupigon!hook. This is the stealth component of Win32/Hupigon. This component hides files and processes associated with Win32/Hupigon by intercepting certain Windows API function calls. Backdoor:Win32/Hupigon!hook is injected into other processes by TrojanDropper:Win32/Hupigon using CreateRemoteThread.