Trojan.Upatre.OL malicious file

Trojan.Upatre.OL is flagged as malicious by nearly every engine in the detection list further down, and most of them classify it as a downloader (for example Microsoft's TrojanDownloader:Win32/Upatre!pz and Symantec's Downloader.Upatre!gm): its job is to fetch and run a further payload rather than to do the damage itself. While the infection is active you may notice unfamiliar processes in the Task Manager list; the sandbox report below also records that the sample drops and executes a second binary and attempts to change the proxy settings. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


What can Trojan.Upatre.OL do?

The list below is the set of behaviours the CAPE sandbox flagged when this sample was analysed (the storage path in File Info shows a CAPEv2 installation); the wording is CAPE's own signature names. Several of them (overlay data, UPX compression, the unknown section name, the invalid Authenticode signature) are static properties of the file that can be checked without running it, while the rest were observed at run time:

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan.Upatre.OL?

File Info (as reported by the CAPE sandbox):

name: 802E844D46200EEDA353.mlw
path: /opt/CAPEv2/storage/binaries/8ffdc3c92b5e074e757727d85d0c56c26b0e3e91e76ac4952b9ca41dadd371db
crc32: E479B7CF
md5: 802e844d46200eeda3533f1952d332ea
sha1: 0c7290d419d0bf22a54a0282205ee274cea13e39
sha256: 8ffdc3c92b5e074e757727d85d0c56c26b0e3e91e76ac4952b9ca41dadd371db
sha512: a4e0338a13e0a73f164047b6929a739d2eefe9a3f72a866496efa89e409809fc79978f223fcd7a151303892fc85b3b6fe0273480d1fa71dc90e6ebcddc53086b
ssdeep: 192:kUOiZkkbQioQMhBL5quU7aobUOiZkkbQioQMhX4q5HXzpi5cgdA4O:nZkIN4XLM7aomZkIN4B4q5DQJSl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194B385D5AA846E63C276323071B1733E6AB1713C739A89BDF4FAC246DC036A5C8D1309
sha3_384: b434fcdaf2f617efcfdd2e15a8b86c66b9f834c8878a2d3c784e574c5b24789728f21b96360de39c57bb1b01e1ed03b5
ep_bytes: 558bec81ec3c08000053565733f656ff
timestamp: 2013-10-03 07:10:58

Version Info:

0: [No Data]
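The static indicators above (the hashes, the UPX section names, the overlay data, the entry-point bytes, the absent or invalid Authenticode signature) can all be checked without executing the file. The following Python script is an added example written for this page; it is not code from the CAPE report, from CAPE itself or from GridinSoft. It is a hand-rolled PE32 header parser that hashes the image, lists section names and flags UPX or other non-standard ones, measures overlay bytes past the last section, reads the first 16 bytes at the entry point (the ep_bytes field above) and reports whether a security directory (the Authenticode blob) is present at all. Because the real sample cannot be embedded here, the block constructs a throwaway PE32 of its own (build_sample_pe, a constructed file with the page's ep_bytes value and link timestamp stamped into its headers); the KNOWN_SAMPLE hashes are the ones printed in File Info, and COMMON_SECTIONS is my own list of stock linker section names, not a CAPE list.

```python
"""Static PE32 triage for the File Info indicators above (added example, standard library only)."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes printed in the File Info block for the Trojan.Upatre.OL sample.
KNOWN_SAMPLE = {
    "md5": "802e844d46200eeda3533f1952d332ea",
    "sha1": "0c7290d419d0bf22a54a0282205ee274cea13e39",
    "sha256": "8ffdc3c92b5e074e757727d85d0c56c26b0e3e91e76ac4952b9ca41dadd371db",
}
# Assumption: section names a stock MSVC/MinGW link emits; anything else is a packing hint.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the Authenticode blob

def parse_pe32(data: bytes) -> dict:
    """Read the header fields the triage needs; ValueError on anything that is not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) handled, got 0x%x" % magic)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    # Data directories start at +96 in a PE32 optional header, 8 bytes each.
    sec_dir = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"timestamp": stamp, "entry_rva": entry_rva,
            "security_dir": sec_dir, "sections": sections}

def triage(data: bytes) -> dict:
    """Hash the image and evaluate the static indicators from the sandbox's behaviour list."""
    pe = parse_pe32(data)
    hashes = {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_SAMPLE}
    names = [s["name"] for s in pe["sections"]]
    # Overlay: bytes past the last section's raw data, where droppers often park a payload.
    end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    # Map the entry-point RVA to a file offset via the section that contains it (ep_bytes).
    ep_bytes = b""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (pe["entry_rva"] - s["va"])
            ep_bytes = data[off:off + 16]
            break
    sec_off, sec_size = pe["security_dir"]
    if sec_size == 0:
        signature = "none"                          # unsigned image
    elif sec_off + sec_size > len(data):
        signature = "present but truncated"         # cannot be valid
    else:
        signature = "present (verify separately)"   # presence is not validity
    return {
        "hashes": hashes,
        "known_sample": hashes["sha256"] == KNOWN_SAMPLE["sha256"],
        "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "upx": any(n.startswith("UPX") for n in names),
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS],
        "overlay_bytes": max(0, len(data) - end),
        "ep_bytes": ep_bytes.hex(),
        "signature": signature,
    }

def build_sample_pe(section_names, ep_code=bytes.fromhex("558bec81ec3c08000053565733f656ff"),
                    overlay=b"") -> bytes:
    """Constructed PE32 for testing, NOT the real sample: one 0x200-byte raw block per section (up to
    five), entry point at the start of the first; defaults reuse the page's ep_bytes and timestamp."""
    align, nsec = 0x200, len(section_names)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 1380784258, 0, 0, 224, 0x102)  # 2013-10-03 07:10:58 UTC
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * (224 - 20)
    sec_hdrs, bodies = b"", b""
    for i, name in enumerate(section_names):
        raw_ptr, va = align * (1 + i), 0x1000 * (1 + i)
        sec_hdrs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", align, va, align, raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += (ep_code if i == 0 else b"\x90").ljust(align, b"\0")
    headers = (dos + b"PE\0\0" + file_hdr + opt + sec_hdrs).ljust(align, b"\0")
    return headers + bodies + overlay

if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1", ".rsrc"], overlay=b"\x00" * 37)
    for key, value in triage(packed).items():
        print(f"{key:18} {value}")
```

Two caveats on reading the output. A presence check on the security directory is not a signature verification; reproducing CAPE's "Authenticode signature is invalid" finding still needs osslsigncode or signtool against the blob. And an exact hash match only catches this precise build; the ssdeep and TLSH values in File Info are what you would use to find repacked siblings, which a UPX-packed downloader family produces constantly.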

Trojan.Upatre.OL also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Cynet: Malicious (score: 100)
  • FireEye: Generic.mg.802e844d46200eed
  • Skyhigh: BehavesLike.Win32.Generic.cz
  • ALYac: Gen:Variant.Doina.7224
  • Malwarebytes: Trojan.Upatre.OL
  • VIPRE: Gen:Variant.Doina.7224
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 004bcce41 )
  • K7GW: Trojan ( 004bcce41 )
  • CrowdStrike: win/malicious_confidence_100% (D)
  • Arcabit: Trojan.Doina.D1C38
  • Baidu: Win32.Trojan-Downloader.Waski.k
  • Symantec: Downloader.Upatre!gm
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.A
  • APEX: Malicious
  • ClamAV: Win.Downloader.Upatre-10027278-0
  • Kaspersky: HEUR:Trojan.Win32.Bublik.pef
  • BitDefender: Gen:Variant.Doina.7224
  • MicroWorld-eScan: Gen:Variant.Doina.7224
  • Avast: Win32:Downloader-WID [Trj]
  • Tencent: Trojan-DL.Win32.Waski.hy
  • Emsisoft: Gen:Variant.Doina.7224 (B)
  • F-Secure: Trojan.TR/Downloader.Gen
  • DrWeb: Trojan.DownLoad3.28161
  • Zillya: Downloader.Waski.Win32.90762
  • TrendMicro: TROJ_UPATRE.SM37
  • Trapmine: malicious.moderate.ml.score
  • Sophos: ML/PE-A
  • Ikarus: Trojan.Crypt
  • Jiangmin: Trojan.Generic.aacmz
  • Webroot: W32.Trojan.Gen
  • Google: Detected
  • Avira: TR/Downloader.Gen
  • Antiy-AVL: Trojan[Downloader]/Win32.Small
  • Kingsoft: malware.kb.a.1000
  • Microsoft: TrojanDownloader:Win32/Upatre!pz
  • ZoneAlarm: HEUR:Trojan.Win32.Bublik.pef
  • GData: Gen:Variant.Doina.7224
  • Varist: W32/Agent.INN.gen!Eldorado
  • AhnLab-V3: Trojan/Win.Upatre.R638846
  • Acronis: suspicious
  • McAfee: Downloader-FBVZ!802E844D4620
  • MAX: malware (ai score=81)
  • VBA32: BScope.Trojan.Downloader
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: TROJ_UPATRE.SM37
  • Rising: Downloader.Agent!1.C06E (CLASSIC)
  • Yandex: Trojan.GenAsa!xjw/xZS1BKE
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Upatre.Gen
  • Fortinet: W32/Dloader.ADC!tr
  • BitDefenderTheta: Gen:NN.ZexaF.36802.gmX@aeEdVCei
  • AVG: Win32:Downloader-WID [Trj]
  • DeepInstinct: MALICIOUS

How to remove Trojan.Upatre.OL?

Trojan.Upatre.OL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows this sample dropping and executing a second binary and attempting to change the proxy settings, treat it as a downloader rather than as the whole infection: after the restart, run a second scan to confirm that nothing it fetched is still present, and check that the system proxy configuration is back to what you expect (the browser reset step above is there for exactly that reason).

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
