What are the free membership and six diamond tools? Be careful with the gray pigeon backdoor. win32.gpigeon. Gem spread through QQ

What are the free membership and six diamond tools? Be careful with the gray pigeon backdoor. win32.gpigeon. Gem spread through QQ

Original endurer
1st

A member of a QQ Group sent a message:

Free membership and six-digit drill .. Please download the tool to refresh it .. The following is the download Tool website hxxp: // * 59. * 32.128.135: 2*80/large

Suspicious: Use httpread to download the file and use fileinfo to extract the file information:

File Description: D:/test/Example
Attribute: ---
Digital Signature: No
PE file: Yes
Language: Chinese (China)
File version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description: Win32 cabinet self-Extractor
Copyright: (c) Microsoft Corporation. All rights reserved.
Product Version: 6.00.2900.2180
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Internal name: wextract
Source File Name: wextract. exe
Created at: 22:36:40
Modification time:
Size: 380416 bytes, 371.512 KB
MD5: 996f03225b64f61f69dffd298a9deddf
Sha1: 0807b3b71c2f9c8e989c0617edd4342fdd77a6ab
CRC32: 48cb6b2b

Decompress the package to obtain a file:

File Description: D:/test/3.exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 18:58:18
Modification time: 18:58:18
Size: 795648 bytes, 777.0 KB
MD5: 4fc06c2df76fee9af7dc7a3fa7b6ce42
Sha1: 1f44458e406e07c0a6aeaedcbd37cbfa809ee415
CRC32: 05906505

Upload online scan:

File _ e5_88_b7_e4_bc_9a_e5_91_98_e5_92 received at 2009.05.17 16:55:06 (CET)

Anti-Virus engine	Version	Last update	Scan results
A-squared	4.0.0.101	2009.05.17	Trojan-Downloader.Win32.Delf.aup! Ik
AhnLab-V3	5.0.0.2	2009.05.16	-
AntiVir	7.9.0.168	2009.05.17	-
Antiy-AVL	2.0.3.1	2009.05.15	-
Authentium	5.1.2.4	2009.05.16	W32/hupigon. A. Gen! Eldorado
Avast	4.8.1335.0	2009.05.16	Win32: hupigon-mbH
AVG	8.5.0.336	2009.05.16	Win32/pemask
BitDefender	7.2	2009.05.17	Trojan. dropper. Rya
Cat-quickheal	10.00	2009.05.15	Trojan. Agent. ATV
ClamAV	0.94.1	2009.05.16	Trojan Graybird-16
Comodo	1157	2009.05.08	-
Drweb	5.0.0.12182	2009.05.17	Backdoor. pigeon.7889
Esafe	7.0.20.	2009.05.17	-
ETrust-vet	31.6.20.8	2009.05.16	-
F-Prot	4.4.4.56	2009.05.16	W32/hupigon. A. Gen! Eldorado
F-Secure	8.0.14470.0	2009.05.16	Backdoor. win32.hupigon. ADMA
Fortinet	3.117.0.0	2009.05.17	W32/pemask.! Tr
Gdata	19	2009.05.17	Trojan. dropper. Rya
Ikarus	T3.1.1.49.0	2009.05.17	Trojan-Downloader.Win32.Delf.aup
K7antivirus	7.10.737	2009.05.16	-
Kaspersky	7.0.0.125	2009.05.17	Backdoor. win32.hupigon. ADMA
McAfee	5618	2009.05.17	-
McAfee + Artemis	5618	2009.05.17	BackDoor-shortname
McAfee-GW-Edition	6.7.6	2009.05.17	Trojan. Backdoor. hupigon. gen
Microsoft	1.4602	2009.05.17	BACKDOOR: Win32/hupigon. Gen! B
NOD32	4080	2009.05.15	A variant of Win32/hupigon
Norman	6.01.05	2009.05.16	-
Nprotect	2009.1.8.0	2009.05.17	-
Panda	10.0.0.14	2009.05.17	BCK/hupigon. gen
Pctools	4.4.2.0	2009.05.17	Backdoor. hupigon. GTB
Prevx	3.0	2009.05.17	Medium risk malware
Rising	21.29.62.00	2009.05.17	Backdoor. win32.gpigeon. Gem
Sophos	4.41.0	2009.05.17	Mal/dspy-B
Sunbelt	3.2.1858.2	2009.05.16	-
Symantec	1.4.4.12	2009.05.17	-
Thehacker	6.3.4.1.326	2009.05.17	-
TrendMicro	8.950.0.1092	2009.05.15	Mal_Pai-8
Vba32	3.12.10.5	2009.05.17	Oscope. Backdoor. hupigon. axbr
ViRobot	2009.5.15.1737	2009.05.15	-
Virusbuster	4.6.5.0	2009.05.16	-