Troj/Upatre-YS (file analysis)

Malware Removal

Troj/Upatre-YS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Upatre-YS virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Troj/Upatre-YS?

File Info:

name: 72BC04C47F748C49C4EE.mlw
path: /opt/CAPEv2/storage/binaries/f883ec739d249b1d0fea6a14651f1fa8047527e442e98e8374c89191b60df5c5
crc32: 04864D1C
md5: 72bc04c47f748c49c4eef6b09c8c6dd4
sha1: 06e02e6dc1882e9bcfd959815ba7b227ac88c62a
sha256: f883ec739d249b1d0fea6a14651f1fa8047527e442e98e8374c89191b60df5c5
sha512: 1bce1e3cda083f263cc5469289d701bfce78e7e8173e79f48b29b153942badad006404fe8032540aeb74c7045510a00ef321b6df83c06555c4a5407a06920ebd
ssdeep: 192:KIf9S0y4SCH+B1dafScvQINEQ+2CwhA02+idXPCf8:KIk0y40JafSnpjwhAJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C32CB7C9EE45572E3B7CAB585F655C7F975F0273D028C0E90CA03850823F62ADA1A1E
sha3_384: 42fccd69c3564b898777f92f3b962bbfd10ea1f804ddbcd57eb795d972467498504bf161c7fea35a7b81e8bf4a2c24a1
ep_bytes: 558d6c248881ecd408000053565733db
timestamp: 2014-01-27 12:19:18

Version Info:

0: [No Data]

Troj/Upatre-YS also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ppatre.Gen.1
ClamAV: Win.Malware.Upatre-6997681-0
FireEye: Generic.mg.72bc04c47f748c49
CAT-QuickHeal: Downloader.Upatre.27298
McAfee: Downloader-FML!72BC04C47F74
Cylance: unsafe
Zillya: Downloader.Waski.Win32.27854
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 004941701 )
K7GW: Trojan-Downloader ( 004941701 )
Cybereason: malicious.47f748
Cyren: W32/Upatre.JY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.B
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.DownLoad3.gqchuv
Avast: Win32:Upatre-V [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Sophos: Troj/Upatre-YS
DrWeb: Trojan.DownLoad3.33424
VIPRE: Trojan.Ppatre.Gen.1
TrendMicro: TROJ_UPATRE.SMZ2
McAfee-GW-Edition: BehavesLike.Win32.Generic.lt
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Ikarus: Trojan-Downloader.Win32.Waski
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: Trojan.Generic.epmlr
Avira: HEUR/AGEN.1207384
Antiy-AVL: Trojan/Win32.Waski.a
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.BU@7nmtnf
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: Trojan-Downloader.Win32.Small.gen
Microsoft: Trojan:Win32/Zbot.VHO!MTB
Google: Detected
AhnLab-V3: Malware/Win32.Generic.R98727
VBA32: BScope.Trojan.Downloader
ALYac: Trojan.Ppatre.Gen.1
MAX: malware (ai score=80)
TrendMicro-HouseCall: TROJ_UPATRE.SMZ2
Rising: Spyware.Zbot!8.16B (TFE:1:mhy8irZdGSI)
Yandex: Trojan.GenAsa!FYPjqD2mojE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Waski.B!tr
BitDefenderTheta: Gen:NN.ZexaF.36308.ayX@auk3Eipi
AVG: Win32:Upatre-V [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Troj/Upatre-YS?

Troj/Upatre-YS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.