WINUP.EXE

File Behavior

WINUP.EXE has been seen to perform the following behavior:

• The Process is packed and/or encrypted using a software packing process
• The Process is polymorphic and can change its structure
• Writes to another Process's Virtual Memory (Process Hijacking)
• Executes a Process
• Uses DNS to retrieve the IP address for web sites
• Adds a Registry Key (DXCOM) to auto start Programs on system start up
• This process creates other processes on disk
• This Process Deletes Other Processes From Disk
• Changes the PC's date or time settings
• Creates a hidden window which can be used to run other programs without your knowledge
• Found on infected systems and resists interrogation by security products
• Adds products to the system registry
• Changes to the file command map within the registry
• Creates a TCP port which listens and is available for communication initiated by other computers
• Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols
• Adds a Registry Key (RUN) to auto start Programs on system start up
• Can communicate with other computer systems using HTTP protocols
• Hooks the WININET.DLL function allowing it to read or copy Http and Https web page content and session information
• Injects code into other processes
• Performs DNS look ups to resolve URL IP addresses
• Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
• Creates a new Background Service on the machine

WINUP.EXE has been the subject of the following behavior:

• Created as a process on disk
• Executed as a Process
• Has code inserted into its Virtual Memory space by other programs
• Deleted as a process from disk
• Copied to multiple locations on the system
• Added as a Registry auto start to load Program on Boot up
• Changes to the file command map within the registry
• Terminated as a Process
• Added as a Registry Key (DXCOM) to auto start Programs on system start up
• Registered as a Dynamic Link Library File