Trojan.UpatreRI.S26141426 (file analysis)

Trojan.UpatreRI.S26141426 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.UpatreRI.S26141426 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Divehi
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Network activity contains more than one unique useragent.
  • CAPE detected the OnlyLogger malware family
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.UpatreRI.S26141426?


File Info:

name: 08CE366E35E4E0441950.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-01-12 11:30:22

Version Info:

0: [No Data]

Trojan.UpatreRI.S26141426 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Stealer.i!c
tehtris: Generic.Malware
DrWeb: Trojan.DownLoader44.29348
MicroWorld-eScan: Gen:Heur.Mint.Zard.52
FireEye: Generic.mg.08ce366e35e4e044
CAT-QuickHeal: Trojan.UpatreRI.S26141426
McAfee: Packed-GEE!08CE366E35E4
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058cbb11 )
Alibaba: TrojanSpy:Win32/Azorult.63ffa70c
K7GW: Trojan ( 0058cbb11 )
Cybereason: malicious.d5e86d
VirIT: Trojan.Win32.Genus.LBD
Cyren: W32/Kryptik.GAL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Agent.ELB
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Generic-9917434-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.pef
BitDefender: Gen:Heur.Mint.Zard.52
Avast: Win32:AceCrypter-D [Cryp]
Tencent: Trojan.Win32.Stealer.16000278
Ad-Aware: Gen:Heur.Mint.Zard.52
Emsisoft: Trojan.Crypt (A)
Comodo: Malware@#31p1jol7r4377
Zillya: Trojan.Kryptik.Win32.3672389
TrendMicro: Trojan.Win32.AZORULT.WLHA
McAfee-GW-Edition: BehavesLike.Win32.Emotet.fc
Sophos: Mal/Generic-S + Troj/Krypt-FV
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.Kryptik.RW
Jiangmin: Trojan.Generic.hevbk
Avira: TR/YAV.Minerva.rawty
Kingsoft: Win32.Troj.Undef.(kcloud)
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.pef
Microsoft: Trojan:Win32/Azorult.RM!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Stop.R463103
Acronis: suspicious
VBA32: TrojanPSW.Stealer
ALYac: Gen:Heur.Mint.Zard.52
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Trojan.Win32.AZORULT.WLHA
Rising: Malware.Obscure!1.A3BB (KTSE)
Yandex: Trojan.Kryptik!huw7Ia42QU0
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNXS!tr
AVG: Win32:AceCrypter-D [Cryp]
Panda: Trj/WLT.G
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.UpatreRI.S26141426?

Trojan.UpatreRI.S26141426 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
