What is “ML/PE-A + Troj/Dyreza-FP”?

ML/PE-A + Troj/Dyreza-FP is the Sophos detection name for this sample; most other engines in the list below classify it as Upatre, a small downloader trojan whose job is to fetch and run a second-stage payload (historically the Dyreza/Dyre banking trojan, hence the Sophos name). While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can ML/PE-A + Troj/Dyreza-FP do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Mimics icon used for popular non-executable file format
  • Anomalous binary characteristics

Related domains:

icanhazip.com (a legitimate external-IP lookup service that the sample contacts; the request is a useful behavioural indicator, but the domain itself is not malicious and should not be treated as an IOC on its own)

How to identify ML/PE-A + Troj/Dyreza-FP?

File Info:

name: 73A8D4ED59FD4A3AC29B.mlw
path: /opt/CAPEv2/storage/binaries/3da53b794974f1b1cec8d0557fa677a6c9fc0b9085b5fe7f25f87ba85eeb6948
crc32: 78D2CEC2
md5: 73a8d4ed59fd4a3ac29bb7d591da6ee5
sha1: 59fbbcf0da6f2a88eb24359d6d506cb59421d52f
sha256: 3da53b794974f1b1cec8d0557fa677a6c9fc0b9085b5fe7f25f87ba85eeb6948
sha512: 3ca3aae770dd0c62eb449172b6fbbf31a6c9124fbeea2bd3069491eaf25ceec3901006cbb1ba71993743e216e521252ea6f691c82ffa01c008aac32512f1aadc
ssdeep: 1536:eInCFRyAt5kFkUQ2lst+uhyY/tsPbaPfqnqK:eInCqAj+Q2lCEsGB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A873F8D5F79480F2E0227934C4328ED3463B782E7EA0419B27987639FE76BC18A75356
sha3_384: 8d58970a3a6e40e9ea1b9463437a36bc6dead0d065ac6db1ddd473d5a14d84f47e4d38a3ac2abc1a37078aeb99ab6403
ep_bytes: e8cef2ffffe9b4f3ffffcccccccccccc
timestamp: 2014-04-21 11:39:13

Version Info:

FileDescription: DAVT Corp.
InternalName: DAVT Utility
FileVersion: 1.0.0.10
CompanyName: DAVT
LegalCopyright: Copyright 2014-2015 DAVT
OriginalFilename: davtil.exe
ProductName: DAVT Corp.
ProductVersion: 1.0.0.10
Translation: 0x0423 0x04b1
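As an added example (not code from the original page, from Sophos, or from the CAPE sandbox that produced the data above), the following Python script re-derives the File Info identifiers from a file on disk: it hashes the file, walks the PE headers with struct to read the COFF timestamp, entry-point RVA, machine type and subsystem, maps the entry point to a file offset to read the 16 ep_bytes, and compares everything with the published values. It contains no malware; build_minimal_pe() is a constructed, harmless stand-in whose timestamp and entry-point bytes are set to the page's values only so the parser can be exercised offline. The function names and the split into a strong hash match and a weaker header match are this example's own assumptions.

```python
"""Offline triage of a suspected ML/PE-A + Troj/Dyreza-FP (Upatre) sample.

Standard library only. Re-derives the page's "File Info" identifiers
(md5/sha1/sha256, COFF timestamp, ep_bytes, machine, subsystem) from a
file and compares them with the published values. No real sample is
included: build_minimal_pe() constructs a harmless stand-in for testing.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Identifiers copied verbatim from the page's "File Info" block.
KNOWN = {
    "md5": "73a8d4ed59fd4a3ac29bb7d591da6ee5",
    "sha1": "59fbbcf0da6f2a88eb24359d6d506cb59421d52f",
    "sha256": "3da53b794974f1b1cec8d0557fa677a6c9fc0b9085b5fe7f25f87ba85eeb6948",
    "ep_bytes": "e8cef2ffffe9b4f3ffffcccccccccccc",
    "timestamp": "2014-04-21 11:39:13",
}
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table,
    then map the entry-point RVA to a file offset via the section holding it
    so the first 16 bytes at the entry point (CAPE's ep_bytes) can be read."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]    # 0x10b = PE32, 0x20b = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ep_bytes = b""
    for i in range(nsect):
        hdr = opt + opt_size + i * 40                 # section headers are 40 bytes each
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        if va <= ep_rva < va + max(vsize, rawsize):
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16]
            break
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown(0x{magic:x})"),
        "machine": MACHINES.get(machine, f"0x{machine:x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_bytes": ep_bytes.hex(),
    }


def triage(data: bytes) -> dict:
    """Hashes identify this exact file; ep_bytes plus timestamp can also match
    other builds sharing the same compiler stub, so they are reported as a
    separate, weaker match rather than folded into one verdict."""
    info = file_hashes(data)
    info.update(parse_pe(data))
    info["hash_match"] = any(info[k] == KNOWN[k] for k in ("md5", "sha1", "sha256"))
    info["header_match"] = (info["ep_bytes"] == KNOWN["ep_bytes"]
                            and info["timestamp"] == KNOWN["timestamp"])
    return info


def build_minimal_pe(ts: int, ep_bytes: bytes) -> bytes:
    """Constructed stand-in, NOT the malware: a one-section PE32 whose COFF
    timestamp and entry-point bytes are chosen by the caller."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                          # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1010)                        # AddressOfEntryPoint (RVA)
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    body = bytearray(0x200)
    body[0x10:0x10 + len(ep_bytes)] = ep_bytes                     # RVA 0x1010 -> file offset 0x210
    return headers + b"\0" * (0x200 - len(headers)) + bytes(body)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                                          # python triage.py <file>
        data = open(sys.argv[1], "rb").read()
    else:                                                          # demo on the constructed stand-in
        data = build_minimal_pe(1398080353, bytes.fromhex(KNOWN["ep_bytes"]))
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it as python triage.py <file> against a quarantined copy. A hash match identifies this exact file. The ep_bytes pattern (a call, a jmp, then int3 padding) is the ordinary MSVC C runtime startup stub and the timestamp is trivially forgeable, so a header match on its own is only a lead to be confirmed against the detection list below, not a verdict.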

ML/PE-A + Troj/Dyreza-FP also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Upatre.3504
MicroWorld-eScan: Trojan.Upatre.Gen.3
FireEye: Generic.mg.73a8d4ed59fd4a3a
CAT-QuickHeal: Trojan.Kadena.B4
McAfee: Upatre-FACM!73A8D4ED59FD
Cylance: Unsafe
VIPRE: Trojan-Downloader.Win32.Upatre.ic (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004c75411 )
BitDefender: Trojan.Upatre.Gen.3
K7GW: Trojan ( 004c5f921 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34294.em1@a47idRmG
Cyren: W32/Upatre.AT.gen!Eldorado
Symantec: Downloader.Upatre!gen5
ESET-NOD32: a variant of Win32/Kryptik.DMJN
APEX: Malicious
ClamAV: Win.Downloader.Upatre-9909423-0
Kaspersky: HEUR:Trojan.Win32.Generic
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Rising: Downloader.Upatre!1.A19D (CLASSIC)
Ad-Aware: Trojan.Upatre.Gen.3
Emsisoft: Trojan.Upatre.Gen.3 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.KMJ@5s5qya
Baidu: Win32.Trojan.Kryptik.jn
Zillya: Trojan.Kryptik.Win32.3473211
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Trickbot.lm
Sophos: ML/PE-A + Troj/Dyreza-FP
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDownloader.Upatre.npi
Avira: TR/Kryptik.abboik
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.349E6B0
Microsoft: TrojanDownloader:Win32/Upatre
GData: Trojan.Upatre.Gen.3
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.R154505
Acronis: suspicious
VBA32: Trojan.Upatre
ALYac: Trojan.Upatre.Gen.3
Malwarebytes: Trojan.Upatre
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Tencent: Malware.Win32.Gencirc.10cf796b
Yandex: Trojan.DL.Upatre!gq5N1cnMYpQ
Ikarus: PUA.Bundler
eGambit: Unsafe.AI_Score_61%
Fortinet: W32/Waski.A!tr
AVG: Win32:Malware-gen
Cybereason: malicious.d59fd4
Avast: Win32:Malware-gen

How to remove ML/PE-A + Troj/Dyreza-FP?

ML/PE-A + Troj/Dyreza-FP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
