Trojan-Downloader.Win32.Upatre.jlzz removal tips

The Trojan-Downloader.Win32.Upatre.jlzz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Trojan-Downloader.Win32.Upatre.jlzz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Trojan-Downloader.Win32.Upatre.jlzz?

File Info:

name: E13BD300890F84FB2CD1.mlw
path: /opt/CAPEv2/storage/binaries/628b52328efc829bae322d79204270e026a4003d9d73b0c601dc3abda216ae16
crc32: 938B9572
md5: e13bd300890f84fb2cd159518075978a
sha1: 65b2b027f333dc85c67d0f8fc01ad990f95b4d11
sha256: 628b52328efc829bae322d79204270e026a4003d9d73b0c601dc3abda216ae16
sha512: 9117499c3767d9f8f3d4ad930a697963a1e2873d7caf3b9650289daa4f002fba49e8490e53b3a900e2c23ddfd8718e8e991538ae2ace436c2bebc3d2671b53c2
ssdeep: 98304:wGexrMOaehGhNrOEREIPI/SVPZ3u5u7UAZvkCZe:w1YehErOEREIQKVPZ3uU7UAZMV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C1633A93B5C418FC73716304656B253EA71FE1CB2314C3BB98D760C7B375AB9205689
sha3_384: edaf9fd28bd05ea39133926f97218d06d4ca1b7dca0a3a3c353e83969e57de015b5df9780170fa4bc63e0fd56cb4916e
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2023-04-27 20:34:38

Version Info:

FileVersion: 1.0.0.0
FileDescription:
ProductName:
ProductVersion: 1.0.0.0
CompanyName:
LegalCopyright: 版权所有
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Trojan-Downloader.Win32.Upatre.jlzz also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.66800050
FireEye: Generic.mg.e13bd300890f84fb
McAfee: Artemis!E13BD300890F
Malwarebytes: PUP.Optional.ChinAd
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Adware ( 005848221 )
Alibaba: TrojanDownloader:Win32/Upatre.7591f9b9
K7GW: Adware ( 005848221 )
CrowdStrike: win/malicious_confidence_90% (D)
Cyren: W32/ABRisk.JJIB-8302
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
ClamAV: Win.Dropper.Tiggre-9845940-0
Kaspersky: Trojan-Downloader.Win32.Upatre.jlzz
BitDefender: Trojan.GenericKD.66800050
Avast: Win32:DropperX-gen [Drp]
Tencent: Malware.Win32.Gencirc.119c6af2
Sophos: Mal/Generic-S (PUA)
F-Secure: Heuristic.HEUR/AGEN.1331983
VIPRE: Trojan.GenericKD.66800050
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Emsisoft: Trojan.GenericKD.66800050 (B)
GData: Trojan.GenericKD.66800050
Jiangmin: TrojanDownloader.Upatre.aokg
Google: Detected
Avira: HEUR/AGEN.1331983
Antiy-AVL: Trojan[Packed]/Win32.FlyStudio
Arcabit: Trojan.Generic.D3FB49B2
ZoneAlarm: Trojan-Downloader.Win32.Upatre.jlzz
Microsoft: Trojan:Win32/Woreflint.A!cl
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.R576432
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.36196.9B1ba4ZkRxlb
ALYac: Trojan.GenericKD.66800050
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Tiggre
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H0CE423
Rising: Downloader.Upatre!8.B5 (CLOUD)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: Riskware/Application
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.7f333d
DeepInstinct: MALICIOUS

How to remove Trojan-Downloader.Win32.Upatre.jlzz?

Trojan-Downloader.Win32.Upatre.jlzz removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.