Trojan-Downloader.Win32.Upatre.cmsb removal

Trojan-Downloader.Win32.Upatre.cmsb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan-Downloader.Win32.Upatre.cmsb virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Norwegian (Bokmal)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan-Downloader.Win32.Upatre.cmsb?

File Info:

name: FA2AD316B64B21360366.mlw
path: /opt/CAPEv2/storage/binaries/737c89a480a90b149095950db6959dcfb19a0d92e9b17bf5d0bf6597f3b4ebee
crc32: 99A44F2F
md5: fa2ad316b64b213603668d92440f781f
sha1: 3d54c8c835aae17e5b973457864e13e5938a1405
sha256: 737c89a480a90b149095950db6959dcfb19a0d92e9b17bf5d0bf6597f3b4ebee
sha512: dcbbdf388aff881d61aa33a21d9b92801b8ae58ff4e95eae99f4c719ecef98634e6817222121f1811115c74fe50a4aac36793404319d1aa3b01165eb4419e46c
ssdeep: 1536:5OYV9aUjJucIQgu1vPIWE+b2SoJX1LNdAWNjtDTGUnqrsc:8URE+VoJX1LNdVVtOU6sc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187737D2277D485B2F633417408B9C691266BBC137BA1414F3E8EB71D1EB23928DB671B
sha3_384: 6359d4a939d03d207f169530043b25c60c1d03a9c882f12afdd7ab91ef9ac297e673137ddb8689374c64a65776b26755
ep_bytes: e8f4150000e978feffff8bff558bec8b
timestamp: 2013-12-22 20:43:25

Version Info:

0: [No Data]

Trojan-Downloader.Win32.Upatre.cmsb also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Upatre.Gen.3
CAT-QuickHeal: Trojan.Necurs.MUE.A4
McAfee: Upatre-FACQ!FA2AD316B64B
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004c75411 )
K7AntiVirus: Trojan ( 004c75411 )
Baidu: Win32.Trojan.Kryptik.jr
Cyren: W32/Upatre.BE.gen!Eldorado
Symantec: Downloader.Upatre!gen5
ESET-NOD32: a variant of Win32/Kryptik.DOJF
APEX: Malicious
ClamAV: Win.Malware.Upatre-9888346-0
Kaspersky: Trojan-Downloader.Win32.Upatre.cmsb
BitDefender: Trojan.Upatre.Gen.3
NANO-Antivirus: Trojan.Win32.Upatre.dtlusl
Avast: Win32:LoadMoney-AFR [PUP]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.Upatre.Gen.3
Sophos: ML/PE-A + Troj/Upatre-OS
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.DOM@5st38w
DrWeb: Trojan.DownLoader41.11645
VIPRE: Trojan-Downloader.Win32.Upatre.tfl (v)
TrendMicro: TROJ_HPUPATRE.SML1
McAfee-GW-Edition: Upatre-FACQ!FA2AD316B64B
FireEye: Generic.mg.fa2ad316b64b2136
Emsisoft: Trojan.Upatre.Gen.3 (B)
Ikarus: Trojan.Cryptic
GData: Win32.Trojan.PSE.MJICGV
Jiangmin: Trojan/Generic.bgsjz
Avira: TR/Dldr.Upatre.MU
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.3460DB1
Arcabit: Trojan.Upatre.Gen.3
Microsoft: TrojanDownloader:Win32/Upatre
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.R155998
Acronis: suspicious
VBA32: TrojanDownloader.Upatre
ALYac: Trojan.Upatre.Gen.3
Malwarebytes: Trojan.Upatre
TrendMicro-HouseCall: TROJ_HPUPATRE.SML1
Rising: Malware.FakePDF/ICON!1.A24C (CLASSIC)
Yandex: Trojan.DL.Upatre!TE9FiBnRAw4
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.DQAA!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.eqY@aOmbk!mO
AVG: Win32:LoadMoney-AFR [PUP]
Cybereason: malicious.6b64b2
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Upatre.Gen

How to remove Trojan-Downloader.Win32.Upatre.cmsb?

Trojan-Downloader.Win32.Upatre.cmsb removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.