Malware

About “Troj/Upatre-YS” infection

Malware Removal

Troj/Upatre-YS is Sophos's detection name for a sample that most antivirus engines classify as a trojan downloader of the Upatre/Waski family (see the detection list below). When this infection is active, you may notice unfamiliar processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It runs a complete scan and cleans your PC during the trial period.
6-day free trial available.

What can Troj/Upatre-YS do? The following behaviour signatures were raised during sandbox analysis of the sample described below:

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Troj/Upatre-YS?


File Info:

name: A938481A4483019A70DC.mlw
path: /opt/CAPEv2/storage/binaries/29bab22a2b1071d93a817aa9edccf0803156d267fbf6ae219704c385dabbe649
crc32: 98AF0EEA
md5: a938481a4483019a70dc1f1c60357d40
sha1: 266898b5b5da6c7b39d6f86d32f20f21086c9e01
sha256: 29bab22a2b1071d93a817aa9edccf0803156d267fbf6ae219704c385dabbe649
sha512: 1d24fa56c06544fee1c805e0cb71117f8d801e1d8a5927e89a060f4d16c9babda336840c3e78379905f2a1a3b44f29489b34ef21dbfed772200ac9e26adb6477
ssdeep: 192:KIf9S0y4SCH+B1dafScvQINEQ+2CwhA02+idp:KIk0y40JafSnpjwhAD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14A22DC7C9AE45572E377DAB585F655C7F975F0273D028C0E90CA03860823F62EDA1A1E
sha3_384: c21d93e74c73bb4afac9f3b570a22e292a13694ce0a581818550620f2126b12759d5c659fda7f307e7c0ba3058ae8d18
ep_bytes: 558d6c248881ecd408000053565733db
timestamp: 2014-01-27 12:19:18

Version Info:

0: [No Data]
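The hashes, entry-point bytes and compile timestamp in the File Info block can be checked directly against a suspicious file, and two of the static signatures from the behaviour list above (overlay data, unusual section names) can be tested without a sandbox. The script below is an added example, not code from the original page or from GridinSoft: it uses only the Python standard library, takes the indicator values verbatim from the File Info block, and ships with a constructed minimal PE (build_sample) that is not the real malware, so it runs offline. The set of "common" section names and the 16-byte entry-point window are the author's assumptions.

```python
"""Check a candidate file against the Troj/Upatre-YS indicators listed above.

Added example (not the page's or GridinSoft's code). Standard library only:
hashes the file, parses just enough of the PE header to recover the entry-point
bytes and the compile timestamp, and applies two static heuristics from the
behaviour list (trailing overlay data, unusual section names).
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
IOC = {
    "md5": "a938481a4483019a70dc1f1c60357d40",
    "sha1": "266898b5b5da6c7b39d6f86d32f20f21086c9e01",
    "sha256": "29bab22a2b1071d93a817aa9edccf0803156d267fbf6ae219704c385dabbe649",
    "ep_bytes": bytes.fromhex("558d6c248881ecd408000053565733db"),
    "timestamp": "2014-01-27 12:19:18",
}

# Assumption: section names a stock compiler build carries; anything else is flagged.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", "CODE", "DATA"}


def parse_pe(data):
    """Return (timestamp, ep_bytes, section_names, overlay_size), or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, OptSize, Chars
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    names, ep_bytes, end_of_data = [], None, 0
    for i in range(nsec):
        off = opt + opt_size + 40 * i                       # section table entry
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        names.append(name.rstrip(b"\0").decode("latin-1"))
        end_of_data = max(end_of_data, rawptr + rawsize)
        if va <= ep_rva < va + max(vsize, rawsize):         # map entry RVA to file offset
            fo = rawptr + (ep_rva - va)
            ep_bytes = data[fo:fo + 16]
    overlay = max(0, len(data) - end_of_data)               # bytes past the last section
    return ts, ep_bytes, names, overlay


def check_bytes(data):
    """Compare file contents with the page's indicators; returns a dict of findings."""
    report = {
        "md5_match": hashlib.md5(data).hexdigest() == IOC["md5"],
        "sha1_match": hashlib.sha1(data).hexdigest() == IOC["sha1"],
        "sha256_match": hashlib.sha256(data).hexdigest() == IOC["sha256"],
        "is_pe": False, "ep_bytes_match": False, "timestamp_match": False,
        "overlay_bytes": 0, "unusual_sections": [],
    }
    parsed = parse_pe(data)
    if parsed is None:
        return report
    ts, ep_bytes, names, overlay = parsed
    stamp = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    report.update(is_pe=True,
                  ep_bytes_match=(ep_bytes == IOC["ep_bytes"]),
                  timestamp_match=(stamp == IOC["timestamp"]),
                  overlay_bytes=overlay,
                  unusual_sections=[n for n in names if n not in COMMON_SECTIONS])
    return report


def build_sample():
    """Constructed minimal PE32 (NOT the real sample): a .text section whose entry point
    starts with the page's ep_bytes, the page's timestamp, one oddly named section,
    and 64 bytes of trailing overlay."""
    ts = int(datetime.strptime(IOC["timestamp"], "%Y-%m-%d %H:%M:%S")
             .replace(tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b".zz0", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    header = (dos + coff + opt + sec1 + sec2).ljust(0x200, b"\0")
    text = IOC["ep_bytes"].ljust(0x200, b"\0")
    return header + text + b"\0" * 0x200 + b"OVERLAY!" * 8


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in check_bytes(data).items():
        print(f"{key:18} {value}")
```

Only a hash match identifies this exact file. The entry-point bytes decode to an ordinary MSVC function prologue (push ebp; lea ebp,[esp-0x78]; sub esp,0x8d4; push ebx/esi/edi; xor ebx,ebx) and the timestamp is trivially forged, so treat those two as supporting evidence that a file is a related build, not as proof on their own.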

Troj/Upatre-YS also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ppatre.Gen.1
ClamAV: Win.Malware.Upatre-6997681-0
FireEye: Generic.mg.a938481a4483019a
CAT-QuickHeal: Downloader.Upatre.27298
McAfee: Downloader-FML!A938481A4483
Malwarebytes: Trojan.Downloader
VIPRE: Trojan.Ppatre.Gen.1
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 004941701 )
K7GW: Trojan-Downloader ( 004941701 )
Cybereason: malicious.a44830
Cyren: W32/Upatre.JY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.B
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.gen
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.DownLoad3.gqchuv
Avast: Win32:Upatre-V [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Emsisoft: Trojan.Ppatre.Gen.1 (B)
DrWeb: Trojan.DownLoad3.33424
Zillya: Downloader.Waski.Win32.27854
TrendMicro: TROJ_UPATRE.SMZ2
McAfee-GW-Edition: BehavesLike.Win32.Generic.lt
Trapmine: malicious.high.ml.score
Sophos: Troj/Upatre-YS
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: Trojan.Generic.epmlr
Avira: HEUR/AGEN.1207384
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.Waski.a
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.BU@7nmtnf
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Upatre.gen
Microsoft: Trojan:Win32/Zbot.VHO!MTB
Google: Detected
AhnLab-V3: Malware/Win32.Generic.R98727
BitDefenderTheta: Gen:NN.ZexaF.36308.ayX@auk3Eipi
ALYac: Trojan.Ppatre.Gen.1
VBA32: BScope.Trojan.Downloader
Cylance: unsafe
TrendMicro-HouseCall: TROJ_UPATRE.SMZ2
Rising: Spyware.Zbot!8.16B (TFE:1:mhy8irZdGSI)
Yandex: Trojan.GenAsa!FYPjqD2mojE
Ikarus: Trojan-Downloader.Win32.Waski
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Waski.B!tr
AVG: Win32:Upatre-V [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Troj/Upatre-YS?

Troj/Upatre-YS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.