hfygyn.exe

Windows Live Gallery

The application hfygyn.exe is flagged by 30 of 68 anti-malware scanners and is listed here as potentially unwanted, although most of the detections below name it a trojan, backdoor or IRC worm. It starts automatically when the user logs into Windows, via the current-user Run registry key, under the value name ‘Hfygyn’. Microsoft Security Essentials identifies it as Worm:Win32/Dorkbot.A, an IRC-controlled worm that steals user names and passwords by intercepting network traffic, blocks access to websites that provide security updates, and can be used to launch denial of service (DoS) attacks. The version resource claims the product name ‘Windows Live Gallery’ and an original file name of ‘Windows Live Gallery.jpg’ for what is a Win32 executable, so the file's own metadata should not be trusted.
Product:
Windows Live Gallery

Version:
7,8,2,1

MD5:
32136218c8d6e0c682df2b75e6819a56

SHA-1:
24d6be1bd016de4e849f450f7c49a8ab10fb785b

SHA-256:
7fee903aa6b5a644c04095b2c4c9009c6666b7ce970a3992f22dcabf92717471

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 1:20:35 AM UTC

Scan engine                    | Detection                                | Engine version
Lavasoft Ad-Aware              | Gen:Variant.Graftor.15008                | -39
Agnitum Outpost                | Trojan.Kryptik                           | 7.1.1
AhnLab V3 Security             | Trojan/Win32.Jorik                       | 2016.01.12
Avira AntiVirus                | TR/ATRAPS.Gen2                           | 8.3.2.4
Arcabit                        | Trojan.Graftor.D3AA0                     | 1.0.0.642
avast!                         | Win32:Atraps-LQ [Trj]                    | 2014.9-170315
AVG                            | Luhe.Fiha.A                              | 2018.0.2439
Baidu Antivirus                | Adware.Win32.iBryte                      | 4.0.3.17315
Bitdefender                    | Gen:Variant.Graftor.15008                | 1.0.20.370
Clam AntiVirus                 | Win.Trojan.Ruskill-247                   | 0.98/21511
Comodo Security                | TrojWare.Win32.Injector.UAC              | 23957
Dr.Web                         | BackDoor.IRC.NgrBot.13                   | 9.0.1.074
Emsisoft Anti-Malware          | Gen:Variant.Graftor.15008                | 8.17.03.15.11
ESET NOD32                     | Win32/Kryptik.TXN (variant)              | 11.12851
F-Secure                       | Gen:Variant.Graftor.15008                | 11.2017-15-03_4
G Data                         | Gen:Variant.Graftor.15008                | 17.3.25
IKARUS anti.virus              | Worm.Win32.Dorkbot                       | t3scan.1.9.5.0
K7 AntiVirus                   | Trojan                                   | 13.212.18393
Kaspersky                      | HEUR:Trojan.Win32.Generic                | 14.0.0.-1312
McAfee                         | GenericR-EAJ!32136218C8D6                | 5600.6095
Microsoft Security Essentials  | Worm:Win32/Dorkbot.A                     | 1.1.12400.0
MicroWorld eScan               | Gen:Variant.Graftor.15008                | 18.0.0.222
NANO AntiVirus                 | Trojan.Win32.NgrBot.omllz                | 1.0.14.5380
Panda Antivirus                | Generic Malware                          | 17.03.15.11
Qihoo 360 Security             | HEUR/Malware.QVM07.Gen                   | 1.0.0.1077
Rising Antivirus               | PE:Malware.Generic(Thunder)!1.A1C4 [F]   | 23.00.65.17313
Sophos                         | Mal/Generic-L                            | 4.98
VIPRE Antivirus                | Trojan.Win32.Generic                     | 46432
ViRobot                        | Backdoor.Win32.A.Ruskill.405596.A[h]     | 2014.3.20.0
Zillya! Antivirus              | Backdoor.Ruskill.Win32.581               | 2.0.0.2601

File size:
396.1 KB (405,596 bytes)

Product version:
7,8,2,1

Original file name:
Windows Live Gallery.jpg

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\hfygyn.exe

File PE Metadata
Compilation timestamp:
10/11/2011 4:41:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x2ED9

Entry point:
55, 8B, EC, 6A, FF, 68, 30, F0, 40, 00, 68, F8, 61, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 5C, C1, 41, 00, 33, D2, 8A, D4, 89, 15, D0, 9D, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, CC, 9D, 41, 00, C1, E1, 08, 03, CA, 89, 0D, C8, 9D, 41, 00, C1, E8, 10, A3, C4, 9D, 41, 00, 33, F6, 56, E8, 11, 01, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, E4, 2F, 00, 00, FF, 15, 58, C1, 41, 00, A3, 14, B7, 41, 00, E8...

Entropy:
6.9113

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
56 KB (57,344 bytes)
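The hashes, file size, entry address, entry-point bytes and entropy above are the indicators a responder would check a suspect file against. The script below is an added example, not code from this page or from Reason Core Security: it hashes a file, reads AddressOfEntryPoint from the PE optional header, maps that RVA to a file offset through the section table, compares the leading bytes with the `55 8B EC 6A FF 68` prologue listed above, and computes Shannon entropy. The `build_test_pe()` helper fabricates a minimal PE32 image (an assumption for offline use, not the real sample) so the script runs without the malware on disk.

```python
"""Added file-triage example: compare a sample against the indicators listed
on this page (hashes, size, entry-point RVA and leading bytes) and measure
its entropy. Not code from the page or from Reason Core Security."""
import hashlib
import math
import struct
import sys
from collections import Counter

# Indicators copied from the page above.
KNOWN_HASHES = {
    "md5": "32136218c8d6e0c682df2b75e6819a56",
    "sha1": "24d6be1bd016de4e849f450f7c49a8ab10fb785b",
    "sha256": "7fee903aa6b5a644c04095b2c4c9009c6666b7ce970a3992f22dcabf92717471",
}
KNOWN_SIZE = 405_596
KNOWN_ENTRY_RVA = 0x2ED9
# push ebp; mov ebp,esp; push -1; push ... (MSVC 6 CRT entry prologue)
KNOWN_ENTRY_PREFIX = bytes.fromhex("558BEC6AFF68")


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant input, 8.0 for a uniform byte stream."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_entry_rva(data: bytes):
    """AddressOfEntryPoint from the PE optional header, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 44 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # signature (4) + COFF header (20) + offset 16 inside the optional header
    return struct.unpack_from("<I", data, e_lfanew + 40)[0]


def rva_to_offset(data: bytes, rva: int):
    """Map an RVA to a file offset by walking the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    for i in range(nsections):
        hdr = table + 40 * i
        if hdr + 40 > len(data):
            return None
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    return None


def triage(data: bytes) -> dict:
    h = hashes(data)
    rva = pe_entry_rva(data)
    off = rva_to_offset(data, rva) if rva is not None else None
    prefix = data[off:off + len(KNOWN_ENTRY_PREFIX)] if off is not None else b""
    entropy = shannon_entropy(data)
    return {
        "size_match": len(data) == KNOWN_SIZE,
        "hash_match": any(h[k] == v for k, v in KNOWN_HASHES.items()),
        "entropy": round(entropy, 4),
        # 6.9 bits/byte, as listed above, is high for plain MSVC 6 output and
        # points at compressed or encrypted content (cf. the Kryptik names).
        "high_entropy": entropy > 6.5,
        "entry_rva": rva,
        "entry_rva_match": rva == KNOWN_ENTRY_RVA,
        "entry_prefix_match": prefix == KNOWN_ENTRY_PREFIX,
    }


def build_test_pe(entry_rva=KNOWN_ENTRY_RVA, entry_bytes=KNOWN_ENTRY_PREFIX) -> bytes:
    """Constructed minimal PE32 with one .text section (test input, not the sample)."""
    e_lfanew, opt_size = 0x40, 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    text_va, text_raw, raw_size = 0x1000, 0x200, 0x3000
    sec = b".text".ljust(8, b"\0") + struct.pack("<IIII", raw_size, text_va, raw_size, text_raw) + b"\0" * 16
    image = bytearray((dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(text_raw, b"\0"))
    image += b"\0" * raw_size
    off = entry_rva - text_va + text_raw
    image[off:off + len(entry_bytes)] = entry_bytes
    return bytes(image)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    for key, value in triage(blob).items():
        print(f"{key:20} {value}")
```

Run it as `python triage.py <file>` against a quarantined copy; with no argument it runs on the constructed image. A hash hit is conclusive, while a matching entry RVA and prologue with a different hash is only a hint that you hold a repacked sibling of the same build, since the `55 8B EC 6A FF 68` prologue is shared by every MSVC 6 CRT binary.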

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Hfygyn

Command:
C:\users\{user}\appdata\roaming\hfygyn.exe
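The persistence mechanism above is a plain HKCU Run value pointing at an executable dropped directly into the %APPDATA% root under a random-looking name that matches the value name. The script below is an added example, not code from this page or from Reason Core Security, that enumerates that key and flags entries with this shape. On Windows it reads the live key through `winreg`; elsewhere it runs over a constructed list of (name, command) pairs, and the non-Dorkbot entries in that list are made-up examples of the legitimate pattern (executable inside a vendor subfolder) that should not be flagged.

```python
"""Added persistence-check example for HKCU Run entries (not code from the
page or from Reason Core Security). Flags values that, like 'Hfygyn' above,
launch an .exe sitting directly under %APPDATA%."""
import ntpath
import sys

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
KNOWN_EXE = "hfygyn.exe"  # file name from the page above


def executable_path(command: str) -> str:
    """First token of a Run command: a quoted path, or text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_appdata_root_exe(path: str) -> bool:
    """True if path is <...>\\AppData\\Roaming\\<file>.exe with no subfolder."""
    parent, name = ntpath.split(path)
    if not name.lower().endswith(".exe"):
        return False
    parts = [p.lower() for p in parent.replace("/", "\\").split("\\") if p]
    return len(parts) >= 2 and parts[-2:] == ["appdata", "roaming"]


def classify(name: str, command: str) -> dict:
    exe = executable_path(command)
    stem = ntpath.splitext(ntpath.basename(exe))[0]
    reasons = []
    if is_appdata_root_exe(exe):
        reasons.append("exe directly under %APPDATA%")  # installers normally use a subfolder
    if ntpath.basename(exe).lower() == KNOWN_EXE:
        reasons.append("matches " + KNOWN_EXE)
    if stem.lower() == name.lower():
        reasons.append("value name equals exe name")  # supporting signal only
    suspicious = any(r.startswith(("exe directly", "matches")) for r in reasons)
    return {"name": name, "exe": exe, "reasons": reasons, "suspicious": suspicious}


def suspicious_entries(entries):
    return [c for c in (classify(n, cmd) for n, cmd in entries) if c["suspicious"]]


def collect_run_entries():
    """Read every value under HKCU\\...\\Run; Windows only (uses winreg)."""
    import winreg
    out = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, value, _type = winreg.EnumValue(key, i)
            except OSError:
                break
            out.append((name, str(value)))
            i += 1
    return out


# Constructed sample entries (the two non-Dorkbot lines are hypothetical).
SAMPLE_ENTRIES = [
    ("Hfygyn", r"C:\users\alice\appdata\roaming\hfygyn.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Spotify", r"C:\Users\alice\AppData\Roaming\Spotify\Spotify.exe -autostart"),
]

if __name__ == "__main__":
    entries = collect_run_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for c in suspicious_entries(entries):
        print(c["name"], "->", c["exe"], ";", ", ".join(c["reasons"]))
```

When cleaning up, remove the Run value (`winreg.DeleteValue(key, name)` with the key opened for write access) and the file in the same session, and check HKLM's Run key as well, since the heuristic only looks at the location this page reports.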


Powered by Reason Core Security