About “Troj/Upatre-YW” infection

Troj/Upatre-YW is the Sophos detection name for a sample of the Upatre family, which other vendors classify as a trojan downloader (see the detection names below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Troj/Upatre-YW virus do?

The following behaviours were flagged when the sample was analysed in the CAPEv2 sandbox (see the storage path under File Info):

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings

How to identify Troj/Upatre-YW?

File Info:

name: AFCED3E11392CCD28ABF.mlw
path: /opt/CAPEv2/storage/binaries/ed04aef6bdbd900711637232fd9abee27cd40fdb292e838fd71c3b587fbb13d9
crc32: 7701DB28
md5: afced3e11392ccd28abfcd88dbef8af4
sha1: 5668af8eee1e989f5bdf22c1cc79bb09dffce700
sha256: ed04aef6bdbd900711637232fd9abee27cd40fdb292e838fd71c3b587fbb13d9
sha512: 5e4194edbd40b3ef7d78e9eb444ccc8cd4cef3aae4db1c6bdc782c7cfc1e15fe4fd0a4832c60571d2ecc5e2d71f1e2cd70cfc3b55b612b7e4a4601fdd906be6b
ssdeep: 192:3SXtoITW7I3FIZDDIIKIIORdmECi1PF+KDDsAQdm+eZv2PlSTbhI0:uoITKJ7mUt2/0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1007208743BE56A72F37BCFB586F551C5A974B0227D06D80D40AA43880823FA6DDB1A1E
sha3_384: cb7d8a994feb6cd9bb7dc522359267567adc1b57b7f85214ed6860ac2c33fb3398b39e81d0f98715b5e6a5e374c6ed34
ep_bytes: 558becb83c200000e863030000535657
timestamp: 2013-09-06 09:44:54
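The File Info block above is CAPE's static summary of the sample. As an added example (not part of the original page and not CAPE's or GridinSoft's code), the following stand-alone Python script reproduces that summary for a file you hold: it computes the same hash set so the file can be matched against the listed IOCs, parses just enough of the PE header to recover the type string, compile timestamp and entry-point bytes, and statically checks two of the behaviours listed earlier: overlay data appended after the last section, and whether an Authenticode certificate table is present at all. The KNOWN_HASHES values are copied from the page; the minimal PE built by build_test_pe is a constructed stand-in so the script runs offline, and is not the real sample. Only the standard library is used.

```python
"""Static triage helper: hashes, PE facts, overlay and certificate-table check."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Copied from the File Info section above; a match means the file is the documented sample.
KNOWN_HASHES = {
    "md5": "afced3e11392ccd28abfcd88dbef8af4",
    "sha1": "5668af8eee1e989f5bdf22c1cc79bb09dffce700",
    "sha256": "ed04aef6bdbd900711637232fd9abee27cd40fdb292e838fd71c3b587fbb13d9",
}


def file_hashes(data: bytes) -> dict:
    """Same hash set CAPE prints (crc32 as upper-case hex, the rest lower-case)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_known(data: bytes, known: dict = KNOWN_HASHES) -> list:
    """Names of the algorithms under which `data` matches the documented IOCs."""
    h = file_hashes(data)
    return sorted(alg for alg, value in known.items() if h[alg] == value.lower())


def pe_facts(data: bytes) -> dict:
    """Parse the DOS, COFF, optional and section headers of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)            # 0x10B = PE32, 0x20B = PE32+
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # 2 = GUI, 3 = console
    # IMAGE_DIRECTORY_ENTRY_SECURITY is data directory 4; directories start at 96 (PE32) / 112 (PE32+).
    dirs = opt + (96 if magic == 0x10B else 112)
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)

    ep_off, end_of_sections = None, 0
    for i in range(nsect):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        end_of_sections = max(end_of_sections, rawptr + rawsize)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)   # map the entry RVA to a file offset

    bits = "PE32" if magic == 0x10B else "PE32+"
    sub = {2: "GUI", 3: "console"}.get(subsystem, f"subsystem {subsystem}")
    arch = {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, f"machine {machine:#x}")
    return {
        "type": f"{bits} executable ({sub}) {arch}, for MS Windows",
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        # Overlay = bytes after the last section's raw data ("Sample contains Overlay data").
        # A real Authenticode blob also lives in the overlay, so signed files show a non-zero value too.
        "overlay_size": max(0, len(data) - end_of_sections),
        # Presence only: judging "Authenticode signature is invalid" needs real verification
        # (e.g. signtool or osslsigncode), not header parsing.
        "has_certificate_table": cert_off != 0 and cert_size != 0,
    }


def build_test_pe(ep_bytes: bytes, stamp: int, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 (i386, GUI, one .text section) for offline testing; NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew
    text_va, text_raw, text_size = 0x1000, 0x200, 0x200
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<III", opt, 16, text_va, text_va, 0x2000)       # EntryPoint, BaseOfCode, BaseOfData
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)        # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", opt, 56, 0x2000, text_raw)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                # Subsystem = WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va, text_size, text_raw,
                          0, 0, 0, 0, 0x60000020)                     # CODE|EXECUTE|READ
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(text_raw, b"\0")
    return headers + ep_bytes.ljust(text_size, b"\xCC") + overlay


def triage(data: bytes) -> dict:
    report = {"hashes": file_hashes(data), "known_match": match_known(data)}
    try:
        report["pe"] = pe_facts(data)
    except ValueError as exc:
        report["pe"] = {"error": str(exc)}
    return report


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # pass a file path to triage a real sample
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:                                  # otherwise use the constructed stand-in
        stamp = int(datetime(2013, 9, 6, 9, 44, 54, tzinfo=timezone.utc).timestamp())
        blob = build_test_pe(bytes.fromhex("558becb83c200000e863030000535657"), stamp, b"OVERLAY")
    for key, value in triage(blob).items():
        print(key, value)
```

Run it with the path of a quarantined file as the only argument; run without arguments to see the output on the constructed stand-in. A hash match against KNOWN_HASHES identifies the documented sample exactly, while the ep_bytes, timestamp and overlay fields help recognise repacked variants that share a builder but not a hash.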

Version Info:

0: [No Data]

Troj/Upatre-YW also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.afced3e11392ccd2
McAfee: Downloader-FBWV!AFCED3E11392
Cylance: unsafe
Zillya: Downloader.Small.Win32.149892
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan-Downloader ( 0050fef41 )
K7AntiVirus: Trojan-Downloader ( 0050fef41 )
BitDefenderTheta: Gen:NN.ZexaE.36308.bmY@ayjVPSi
VirIT: Trojan.Win32.Upatre.AJ
Cyren: W32/Upatre.LX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDownloader.Small.PRL
APEX: Malicious
ClamAV: Win.Downloader.Upatre-9952018-0
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.gen
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.DownLoad3.dofdyx
Avast: Win32:Downloader-WID [Trj]
Tencent: Trojan-DL.Win32.Small.yw
Emsisoft: Trojan.Ppatre.Gen.1 (B)
DrWeb: Trojan.DownLoad3.28161
VIPRE: Trojan.Ppatre.Gen.1
TrendMicro: TROJ_UPATRE.SMAS
McAfee-GW-Edition: BehavesLike.Win32.Downloader.lz
Trapmine: malicious.high.ml.score
Sophos: Troj/Upatre-YW
Ikarus: Trojan-Downloader.Win32.Upatre
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: TrojanDownloader.Generic.akuo
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Downloader]/Win32.Waski.a
Xcitium: TrojWare.Win32.TrojanDownloader.Upatre.ACC@56yhj8
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: Trojan-Downloader.Win32.Small.gen
Microsoft: Trojan:Win32/Upatre.MH!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R83549
VBA32: BScope.Trojan.Downloader
ALYac: Trojan.Ppatre.Gen.1
MAX: malware (ai score=88)
Malwarebytes: Trojan.Upatre.Generic
TrendMicro-HouseCall: TROJ_UPATRE.SMAS
Rising: Downloader.Agent!1.E264 (CLASSIC)
Yandex: Trojan.Agent!bKYKQvZLomQ
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Tiny.NIV!tr
AVG: Win32:Downloader-WID [Trj]
Cybereason: malicious.11392c
Panda: Trj/Genetic.gen

How to remove Troj/Upatre-YW?

Troj/Upatre-YW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.