How to remove “Trojan-Downloader.Win32.Upatre.izhi”?

Malware Removal

The Trojan-Downloader.Win32.Upatre.izhi is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Upatre.izhi virus do?

  • Executable code extraction
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (18 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:0
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Network activity contains more than one unique user agent.
  • Detects VMware through the presence of a registry key
  • Attempts to modify proxy settings
  • Attempts to disable Windows Defender
  • Attempts to create or modify system certificates

Related domains:

watira.xyz
ipinfo.io
fgdfhgs.fun
ferniewebcam.com
i.spesgrt.com
videocontent.xyz
cdn.discordapp.com
drkapoorclinic.com
a.goatagame.com
24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com
fsstoragecloudservice.com
apps.identrust.com
ocsp.digicert.com
crl3.digicert.com
live.goatgame.live
crl.identrust.com
lenak513.tumblr.com
iplis.ru
ocsp.comodoca.com
ocsp.usertrust.com
g.symcd.com
ocsp.sectigo.com
sr.symcd.com
prophefliloc.tumblr.com
sf.symcd.com
proxycheck.io
iplogger.org
api.ip.sb
freegeoip.app
youtube4kdowloader.club

How to identify Trojan-Downloader.Win32.Upatre.izhi?

File Info:

crc32: 20A42814
md5: a447d89f3c72c8f5c81e9cac1b3eeb53
name: A447D89F3C72C8F5C81E9CAC1B3EEB53.mlw
sha1: e5693ec6ef7d5b5d872130d33c05a10160a127c9
sha256: 7ca942cc19eb3d9f6bd2e5947eb77af104948ccea1f4b96c87270e91065650c7
sha512: dc4ee7dcec578bc38caccdcebdbf4ee13c4dd2b10fb2538f164e92f2216c359184022b30a8aaa5c6f1a6b2dd360ae7f75d0005be26efdadb0e9f04a890741d4b
ssdeep: 49152:xcBwDyczsDMz45DqbDqUeZvBaFsVyHPb1TYZbA+/3PBEMEwJ84vLRaBtIl9mTpH6:xr1zsDHiwJaEwBTYZbRBQCvLUBsKp6p
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
InternalName: 7zS.sfx
FileVersion: 19.00
CompanyName: Igor Pavlov
ProductName: 7-Zip
ProductVersion: 19.00
FileDescription: 7z Setup SFX
OriginalFilename: 7zS.sfx.exe
Translation: 0x0409 0x04b0

Trojan-Downloader.Win32.Upatre.izhi also known as:

K7AntiVirus: Trojan-Downloader ( 0057feab1 )
Lionic: Trojan.Win32.Mokes.m!c
Elastic: malicious (high confidence)
ClamAV: Win.Packed.Barys-9859531-0
CAT-QuickHeal: Trojan.Agent
ALYac: Dropped:Trojan.GenericKD.37363457
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDownloader:Win32/Upatre.f0a99333
K7GW: Trojan-Downloader ( 0057feab1 )
Cybereason: malicious.f3c72c
BitDefenderTheta: Gen:NN.ZexaF.34058.hq0@aK!1NRaG
Cyren: W32/Zusy.HA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:MalwareX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Upatre.izhi
BitDefender: Dropped:Trojan.GenericKD.37363457
NANO-Antivirus: Trojan.Win32.Dwn.ixvygg
MicroWorld-eScan: Dropped:Trojan.GenericKD.37363457
Tencent: Win32.Trojan.Agent.Lknf
Ad-Aware: Dropped:Trojan.GenericKD.37363457
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader40.49527
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: RDN/Generic.com
FireEye: Dropped:Trojan.GenericKD.37363457
Emsisoft: Dropped:Trojan.GenericKD.37363457 (B)
Jiangmin: Trojan.Sdum.td
Webroot: W32.Trojan.Gen
Avira: TR/Dldr.Agent.ujtem
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.3444066
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:MSIL/Mokes.B!MTB
GData: Dropped:Trojan.GenericKD.37363457
McAfee: Artemis!A447D89F3C72
MAX: malware (ai score=86)
VBA32: Trojan.Wacatac
Malwarebytes: Malware.AI.3432400300
Ikarus: Trojan-Downloader.Win32.Agent
Fortinet: PossibleThreat.MU
AVG: Win32:MalwareX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HyoDGN8A

How to remove Trojan-Downloader.Win32.Upatre.izhi?

Trojan-Downloader.Win32.Upatre.izhi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.