Trojan.Upatre.EI (B) removal tips

Trojan.Upatre.EI (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Upatre.EI (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Mimics icon used for popular non-executable file format

How to identify Trojan.Upatre.EI (B)?

File Info:

name: 8132C0FE3773F24ABFEB.mlw
path: /opt/CAPEv2/storage/binaries/5bd86dae8d4497cc8be3c378211beec9c1d32209d93a07aba426c451968dd91d
crc32: 840E5CD1
md5: 8132c0fe3773f24abfeb6a569b0b6553
sha1: 0c913470d619429d8d996391e383ba7e43c7ba81
sha256: 5bd86dae8d4497cc8be3c378211beec9c1d32209d93a07aba426c451968dd91d
sha512: 2b1de63c4cedd645d3000b9e11a49ea2f6d3dae046621d43074c309c8048ea157375021524e8e9742e105613b55f4d7f9697932362694410d0be8b0411845414
ssdeep: 1536:lDc2kE8H1Akjoc/4+hZuGj0Sgl0D8HxO6CGHSesfAW:l4bjoc9Fj0TBxOSHSh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188837EE3B8D589ADF4A7C170AEB58E2A52AF7CAF0834057FA2C415512D79053D833AC7
sha3_384: 038551ce29916dbb90bc7f7edc94f819d0fd8c8c9bc44b842173d89b76060a6de9a358fe493b9d100ea8def3b9224025
ep_bytes: 558bec6aff68a8584000687c21400064
timestamp: 2015-07-06 07:14:10

Version Info:

BuildVersion: 1, 7, 11, 21
Translation: 0x0409 0x04b0

Trojan.Upatre.EI (B) is also known as (vendor: detection name):

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader14.35782
MicroWorld-eScan: Trojan.Upatre.EI
FireEye: Generic.mg.8132c0fe3773f24a
CAT-QuickHeal: TrojanDownloader.Upatre.RF4
ALYac: Trojan.Upatre.EI
Malwarebytes: Malware.AI.581296063
Zillya: Downloader.UpatreGen.Win32.86
K7AntiVirus: Trojan-Downloader ( 0056a5ff1 )
K7GW: Trojan-Downloader ( 0056a5ff1 )
Cybereason: malicious.e3773f
BitDefenderTheta: Gen:NN.ZexaF.34062.fqX@aWWVJupc
Cyren: W32/Upatre.BK.gen!Eldorado
Symantec: Downloader.Upatre!g14
ESET-NOD32: Win32/TrojanDownloader.Waski.N
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Upatre.crer
BitDefender: Trojan.Upatre.EI
NANO-Antivirus: Trojan.Win32.RiskGen.dtotol
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Avast: Win32:Malware-gen
Rising: Malware.FakePDF/ICON!1.A24A (CLASSIC)
Ad-Aware: Trojan.Upatre.EI
Emsisoft: Trojan.Upatre.EI (B)
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.DLF@5t0aja
VIPRE: Trojan-Downloader.Win32.Waski.mf (v)
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.mt
Sophos: ML/PE-A + Troj/Wonton-SR
Ikarus: Trojan.Win32.Crypt
Jiangmin: TrojanDownloader.Upatre.rwl
Avira: TR/Ddlr.Upatre.MJ
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASBOL.255D
Microsoft: TrojanDownloader:Win32/Upatre
ViRobot: Trojan.Win32.Upatre.86016
GData: Trojan.Upatre.EI
AhnLab-V3: Trojan/Win32.Fakeico.R156608
Acronis: suspicious
McAfee: Upatre-FACR!8132C0FE3773
VBA32: TrojanDownloader.Upatre
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10b40027
Yandex: Trojan.GenAsa!fWexzhEnpiM
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Waski.B!tr
Webroot: Trojan.Dropper.Gen
AVG: Win32:Malware-gen
Panda: Trj/Downloader.IZF
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Trojan.Upatre.EI (B)?

Trojan.Upatre.EI (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.