What is “TrojanDownloader.Upatre.AA4”?

TrojanDownloader.Upatre.AA4 is rated dangerous by many security vendors (see the detection names below, which consistently classify it as a trojan downloader, i.e. a small first stage whose purpose is to retrieve and run a further executable). While the infection is active you may notice unfamiliar processes in Task Manager. If so, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it allows a full scan and clean-up of the PC during the trial period.
A 6-day free trial is available.

What can TrojanDownloader.Upatre.AA4 do?

The following behaviours are the CAPE sandbox signatures that fired when the sample was run:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify TrojanDownloader.Upatre.AA4?

File Info:

name: 762073469FB519646A20.mlw
path: /opt/CAPEv2/storage/binaries/0bb81ec8e4b17feaa6666d3221f8399e40849525858fd651796fe9e9ce36b373
crc32: 145BCEB0
md5: 762073469fb519646a20a896bf795d74
sha1: 375f0fd25f0bb3e2c3f85f82a730d41372cc7e33
sha256: 0bb81ec8e4b17feaa6666d3221f8399e40849525858fd651796fe9e9ce36b373
sha512: e7fc9a20db2012667c9688bcf8b8e347fa3f1368801d035949458eb59dcaa899eae402b8d9bacd7e9178db797ab704695f8952daa1ea15738246e36f02cb3250
ssdeep: 192:jTU9g9cVUz0wgJMGNT5NzNkFsZP1oynw0UWdto9KZjzqI/V2+m6DeVoCWzz:cVk0wrG7NRkSl16t8to9KJzqIE+mdIz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T182A2B39A56D1793CE1260E7A15F2D7864634BC212F4A82CF7E4CF508B87F6C3A8B0756
sha3_384: 02a5d508772e9e5aa3202973f438cbe2c5ce1b5625ffcf83c4c370fc514ecd4e7a0db3fa2c9608843a5569e63ca10063
ep_bytes: 53b8ffff0010e8a2f9ffff5bc3ccff25
timestamp: 1995-08-29 04:02:04

Version Info:

FileDescription: JuJu
FileVersion: 2.1.2.11
LegalCopyright: Copyright 2009-2013 all authors
OriginalFilename: JuJu.exe
ProductName: JuJu
ProductVersion: 2.1.2.11
CompanyName: JuJu corporation
Translation: 0x0411 0x04b2
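Note that the compile timestamp (1995-08-29) predates the 2009-2013 copyright range in the version resource; that kind of inconsistency is worth checking on any suspect file. The script below is an added example, not a tool from this page or from GridinSoft: it recomputes the digests listed above, walks the PE headers by hand to read the entry-point bytes and the TimeDateStamp, and compares each with the indicators from the File Info section. It assumes only the Python 3 standard library. The PE it builds for the offline run is a constructed, inert stub that shares only the entry-point bytes and timestamp with the listed file, so the digests deliberately do not match; ssdeep and tlsh are left out because the standard library cannot compute them.

```python
import datetime
import hashlib
import struct
import zlib

# Indicators copied from the File Info section of this page.
IOC = {
    "crc32": "145BCEB0",
    "md5": "762073469fb519646a20a896bf795d74",
    "sha1": "375f0fd25f0bb3e2c3f85f82a730d41372cc7e33",
    "sha256": "0bb81ec8e4b17feaa6666d3221f8399e40849525858fd651796fe9e9ce36b373",
    "sha512": "e7fc9a20db2012667c9688bcf8b8e347fa3f1368801d035949458eb59dcaa899"
              "eae402b8d9bacd7e9178db797ab704695f8952daa1ea15738246e36f02cb3250",
    "sha3_384": "02a5d508772e9e5aa3202973f438cbe2c5ce1b5625ffcf83c4c370fc514ecd4e"
                "7a0db3fa2c9608843a5569e63ca10063",
    "ep_bytes": "53b8ffff0010e8a2f9ffff5bc3ccff25",
    "timestamp": "1995-08-29 04:02:04",
}
# ssdeep and tlsh are fuzzy hashes the standard library cannot compute;
# use the ssdeep / py-tlsh packages if you need them.


def file_hashes(data: bytes) -> dict:
    """Compute the digests the page lists, formatted the same way."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_entry_info(data: bytes, n: int = 16) -> tuple:
    """Return (first n entry-point bytes as hex, COFF TimeDateStamp) of a PE32.

    MZ header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header ->
    section table. AddressOfEntryPoint is an RVA, so it is mapped to a file
    offset through the section that contains it.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsect, tstamp, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sect = opt + opt_size
    for i in range(nsect):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            return data[off:off + n].hex(), tstamp
    raise ValueError("entry point RVA is outside every section")


def check_file(data: bytes) -> dict:
    """Return {indicator: matched?} for every indicator in IOC."""
    result = {k: v == IOC[k] for k, v in file_hashes(data).items()}
    try:
        ep_hex, tstamp = pe_entry_info(data)
        ts = datetime.datetime.fromtimestamp(tstamp, datetime.timezone.utc)
        result["ep_bytes"] = ep_hex == IOC["ep_bytes"]
        result["timestamp"] = ts.strftime("%Y-%m-%d %H:%M:%S") == IOC["timestamp"]
    except ValueError:
        result["ep_bytes"] = result["timestamp"] = False
    return result


def build_sample_pe(ep_bytes: bytes, tstamp: int) -> bytes:
    """Constructed, inert PE32 stub (not the malware) with one .text section
    whose bytes at the entry point are ep_bytes. Used only for an offline run."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                   # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr.ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\0")


# Epoch value of the page's timestamp, used for the constructed stub.
PAGE_TS = int(datetime.datetime(1995, 8, 29, 4, 2, 4, tzinfo=datetime.timezone.utc).timestamp())

if __name__ == "__main__":
    sample = build_sample_pe(bytes.fromhex(IOC["ep_bytes"]), PAGE_TS)
    for k, v in check_file(sample).items():
        print(f"{k:9} {'MATCH' if v else 'no match'}")
```

On a real suspect file, replace the constructed stub with `open(path, "rb").read()`; a full cryptographic hash match identifies this exact file, while matching entry-point bytes or timestamp alone only says the file is worth a closer look.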

TrojanDownloader.Upatre.AA4 is also known as (vendor: detection name):

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BFBM
FireEye: Generic.mg.762073469fb51964
CAT-QuickHeal: TrojanDownloader.Upatre.AA4
McAfee: Downloader-FSH
Malwarebytes: Trojan.Upatre
VIPRE: Trojan.Win32.Upatre.buu (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0055e3da1 )
BitDefender: Trojan.Agent.BFBM
K7GW: Trojan-Downloader ( 0055e3da1 )
Cybereason: malicious.69fb51
BitDefenderTheta: AI:Packer.16E5CF4E1F
VirIT: Trojan.Win32.Generic.AW
Cyren: W32/Trojan.RFPS-5185
Symantec: Backdoor.Trojan
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
TrendMicro-HouseCall: TROJ_UPATRE.SM37
ClamAV: Win.Downloader.Upatre-5744092-0
Kaspersky: Trojan-Downloader.Win32.Upatre.edv
NANO-Antivirus: Trojan.Win32.Cryptodef.demivm
Rising: Downloader.Waski!8.184 (RDMK:cmRtazobvvZ8JB3Oon5C32H/D1Hw)
Ad-Aware: Trojan.Agent.BFBM
Sophos: ML/PE-A + Troj/Upatre-EU
Comodo: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
DrWeb: Trojan.DownLoader11.30467
Zillya: Trojan.Cryptodef.Win32.186
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Downloader-FSH!762073469FB5
SentinelOne: Static AI – Suspicious PE
Emsisoft: Trojan.Agent.BFBM (B)
APEX: Malicious
GData: Trojan.Agent.BFBM
Jiangmin: Trojan/Cryptodef.ax
eGambit: Unsafe.AI_Score_87%
Avira: HEUR/AGEN.1120686
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.BC9D18
Microsoft: TrojanDownloader:Win32/Upatre
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.C535016
Acronis: suspicious
VBA32: Hoax.Cryptodef
ALYac: Trojan.Agent.BFBM
Tencent: Trojan-Downloader.Win32.Waski.16000151
Ikarus: Trojan.Win32.Bublik
Fortinet: W32/Waski.A!tr.dldr
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove TrojanDownloader.Upatre.AA4?

TrojanDownloader.Upatre.AA4 removal steps
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.