The program SYSYTEM32.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with SYSYTEM32.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of SYSYTEM32.EXE
Full path on a computer: %WinDir%\sysytem32.exe
Detected by UnHackMe:
SYSYTEM32.EXE
Default location: %WinDir%\sysytem32.exe
Removal Results: Success
Number of reboots: 1
SYSYTEM32.EXE is known as:
Backdoor.Hupigon.AYPE, Backdoor.Hupigon.602112.B, Backdoor.Hupigon, Backdoor.Graybird, Win32.Pigeon.CBT, Hupigon.anpm, Backdoor.Hupigon.anpm, Packed.NSPack, Trojan.Agent.Gen-Falint, Backdoor.Hupigon.AYPE (B), Backdoor.Popwin.~IQ, BackDoor.Graybird, Backdoor.Hupigon (v), Mal.Packer, Backdoor.Huigezi.2007.biod, Hack.Huigezi.(kcloud), Backdoor.Hupigon.FI, suspected of Trojan-Dropper.Agent.109, Backdoor.Graybird.rem, a variant of Win32.Hupigon.NPI, Backdoor.Gpigeon.gem, Trojan-Dropper.Swisyn, BackDoor.Hupigon3.FWV, Trj.Thed.B
SYSYTEM32.EXE hash:
- MD5: 03da90d0c94a60d98c91f6d76d8ef151
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\ImagePath: “%WinDir%\sysytem32.exe”
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\DisplayName: “Remote Procedure Call (RPC.)”
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Remote Procedure Call (RPC.)\Description: “?aEu RPC.