GrayPigeon (g)
(Backdoor.Win32.Hupigon.g)

by ?

Compressed with ASPack

Released in January 2005

more versions 


dropped files:
c:\Documents and Settings\LocalService\Favorites\Desktop.ini
size: 122 bytes 

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GRAYPIGEONSERVER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GRAYPIGEONSERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GRAYPIGEONSERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GrayPigeonServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GrayPigeonServer\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GrayPigeonServer\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEONSERVER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEONSERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEONSERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum


tested on Windows XP
April 13, 2005
MegaSecurity