TrojanDownloader:Win32/Ufraie.A removal guide

TrojanDownloader:Win32/Ufraie.A is classified as dangerous by many security vendors. The Microsoft name puts it in the trojan downloader class, that is, a component whose job is to fetch further payloads. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Ufraie.A virus do?

  • Executable code extraction
  • Starts a server listening on 0.0.0.0:10100 (all interfaces)
  • Repeatedly searches for a process that is not found (sandbox note: the sample may need to be run with the startbrowser=1 option)
  • Reads data out of its own binary image
  • HTTP traffic contains features that may indicate malware-related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Russian
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Queries information on disks, possibly for anti-virtualization
  • Network activity uses more than one distinct User-Agent string
  • Collects information about installed applications
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

Related domains:

elodolddr.nexthop.ws
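The network indicators above (the related domain, the listener on 0.0.0.0:10100 and the use of several User-Agent strings) can be hunted for in proxy logs and in `netstat -ano` output. The following script is an added example written for this page, not code from GridinSoft or from the sample; the proxy log format (timestamp, client, method, URL, quoted User-Agent) and both sample inputs are constructed for illustration, and a real deployment would swap in the parser for your own proxy's log format.

```python
import re
from collections import defaultdict

# Indicators taken from the behaviour list and the related-domains section above.
IOC_DOMAINS = {"elodolddr.nexthop.ws"}
IOC_LISTEN_PORTS = {10100}

# Constructed sample proxy log (hypothetical format: ts client method url "user-agent").
SAMPLE_PROXY_LOG = """\
2023-03-01T09:12:04Z 10.0.0.15 GET http://www.example.com/ "Mozilla/5.0 (Windows NT 5.1) Firefox/52.0"
2023-03-01T09:12:09Z 10.0.0.15 GET http://elodolddr.nexthop.ws/cfg.php?id=1 "Mozilla/4.0 (compatible; MSIE 6.0)"
2023-03-01T09:12:11Z 10.0.0.15 GET http://elodolddr.nexthop.ws/dl/1.bin "Download Master"
2023-03-01T09:13:40Z 10.0.0.22 GET http://www.example.com/news "Mozilla/5.0 (Windows NT 10.0) Chrome/110.0"
2023-03-01T09:14:02Z 10.0.0.22 GET http://www.example.com/img.png "Mozilla/5.0 (Windows NT 10.0) Chrome/110.0"
"""

# Constructed sample of `netstat -ano` output as it would look on the infected host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:10100          0.0.0.0:0              LISTENING       4812
  TCP    10.0.0.15:49211        93.184.216.34:80       ESTABLISHED     4812
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
URL_HOST_RE = re.compile(r'^[a-z]+://([^/:]+)')


def parse_proxy_log(text):
    """Yield (client, host, user_agent) for every well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, _method, url, ua = m.groups()
        h = URL_HOST_RE.match(url)
        yield client, (h.group(1).lower() if h else ""), ua


def clients_contacting_iocs(text, domains=IOC_DOMAINS):
    """Map each client to the sorted list of IOC domains it contacted."""
    hits = defaultdict(set)
    for client, host, _ua in parse_proxy_log(text):
        if host in domains:
            hits[client].add(host)
    return {c: sorted(d) for c, d in hits.items()}


def clients_with_multiple_user_agents(text, threshold=2):
    """Clients whose traffic carries `threshold` or more distinct User-Agent strings."""
    uas = defaultdict(set)
    for client, _host, ua in parse_proxy_log(text):
        uas[client].add(ua)
    return {c: sorted(u) for c, u in uas.items() if len(u) >= threshold}


def suspicious_listeners(netstat_text, ports=IOC_LISTEN_PORTS):
    """Return (local_address, pid) for TCP sockets LISTENING on any of the IOC ports."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        local, pid = parts[1], parts[4]
        port = int(local.rsplit(":", 1)[1])   # works for 0.0.0.0:10100 and [::]:10100 alike
        if port in ports:
            found.append((local, int(pid)))
    return found


if __name__ == "__main__":
    print(clients_contacting_iocs(SAMPLE_PROXY_LOG))
    print(clients_with_multiple_user_agents(SAMPLE_PROXY_LOG))
    print(suspicious_listeners(SAMPLE_NETSTAT))
```

On a real workstation many legitimate programs send their own User-Agent, so the multiple-User-Agent check is a weak signal on its own; treat it as corroboration for a client that also contacted the related domain or whose PID owns the port 10100 listener.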

How to identify TrojanDownloader:Win32/Ufraie.A?

File Info:

crc32: 4C94A36F
md5: ddd0bdc1f2ae1253870b43c1962a8163
name: DDD0BDC1F2AE1253870B43C1962A8163.mlw
sha1: b4171c9c0e05739d0bff26a3e816abe72bc8082b
sha256: 5b6b02f7a597fd23c75aded695722a04a06cecfb89e5aeec54701b7c27c7bca6
sha512: 06acb8874b039bd9b8e58e8764a3c9e9fed5f05ebeac6117665f88f7ab7c56ffa7e0f56f25f1f47801186a9ea04cf77493c4b4f863ba56b66d324fd65244af66
ssdeep: 1536:H0iGPNkpLBOGp8mXhdT7et8TyzUpt23nouy8xFvJ3/FK1SIz:TG1kLxpvxdpTyznoutvG
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: SensApi.dll
FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
FileDescription: SENS Connectivity API DLL
Translation: 0x0419 0x04b0

These strings are copied from the genuine Windows XP SP3 SensApi.dll (the SENS Connectivity API library) and serve as a disguise: the file itself is a UPX-packed GUI executable, not a DLL, and a genuine copy would be signed by Microsoft and sit in the Windows system directory. The Translation value 0x0419 is the Russian language ID, which is where the "binary language: Russian" note above comes from.
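A practitioner checking a suspect file against the File Info and Version Info blocks above would want to hash it, confirm the UPX packing and confirm the SensApi.dll disguise on a file that is not a DLL. The script below is an added example written for this page, not GridinSoft's scanner or any code from the sample; the hashes are the ones listed above, the PE parsing reads only the COFF header and section table, and `build_fake_pe` constructs a minimal synthetic PE image so the checks can be exercised offline without the real sample.

```python
import hashlib
import os
import struct

# Hashes from the File Info block above.
KNOWN_HASHES = {
    "md5": "ddd0bdc1f2ae1253870b43c1962a8163",
    "sha1": "b4171c9c0e05739d0bff26a3e816abe72bc8082b",
    "sha256": "5b6b02f7a597fd23c75aded695722a04a06cecfb89e5aeec54701b7c27c7bca6",
}
IMAGE_FILE_DLL = 0x2000   # COFF Characteristics flag set on DLL images
# Version-resource strings from the page, as they are stored in a PE resource (UTF-16LE).
SPOOFED_VERSION_STRINGS = [s.encode("utf-16-le") for s in ("SensApi.dll", "SENS Connectivity API DLL")]


def digests(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(data, iocs=KNOWN_HASHES):
    """Names of the algorithms whose digest of `data` equals the known IOC value."""
    d = digests(data)
    return [alg for alg in sorted(iocs) if alg in d and d[alg] == iocs[alg].lower()]


def parse_pe(data):
    """Return (characteristics, [section names]) or None if `data` is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    _machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 24 + opt_size                           # section table follows the optional header
    names = []
    for i in range(nsec):
        off = sec_off + 40 * i                                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return chars, names


def looks_upx_packed(data):
    """UPX names its sections UPX0/UPX1; a sample with those names stripped is still suspect."""
    pe = parse_pe(data)
    return pe is not None and any(n.startswith(b"UPX") for n in pe[1])


def spoofs_sensapi(data):
    """True when the file carries the SensApi.dll version strings but is not itself a DLL."""
    pe = parse_pe(data)
    if pe is None:
        return False
    is_dll = bool(pe[0] & IMAGE_FILE_DLL)
    return (not is_dll) and any(s in data for s in SPOOFED_VERSION_STRINGS)


def triage(data):
    return {"ioc_hash_match": match_iocs(data),
            "upx_packed": looks_upx_packed(data),
            "spoofs_sensapi": spoofs_sensapi(data)}


def build_fake_pe(section_names, is_dll=False, tail=b""):
    """Constructed minimal PE (no optional header) for offline testing; not a real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> PE header right after DOS stub
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)         # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, chars)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + coff + secs + tail


def scan_directory(root):
    """Walk `root` and return {path: triage result} for every file that trips at least one check."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    data = f.read()
            except OSError:
                continue
            r = triage(data)
            if r["ioc_hash_match"] or r["upx_packed"] or r["spoofs_sensapi"]:
                results[path] = r
    return results


if __name__ == "__main__":
    sample = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], tail="SensApi.dll".encode("utf-16-le"))
    print(triage(sample))
```

The hash match is exact and only catches this one build; the two structural checks generalise to re-hashed variants but are heuristics: a sample repacked with another packer loses the UPX section names, and a copy whose version resource was rewritten loses the SensApi.dll strings. Anything flagged by `spoofs_sensapi` outside the Windows system directory deserves a signature check before it is trusted.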

TrojanDownloader:Win32/Ufraie.A is also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.7354776
FireEye: Trojan.Generic.7354776
ALYac: Trojan.Generic.7354776
Malwarebytes: Trojan.FakeMS.ED
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
K7AntiVirus: Trojan-Downloader ( 004df1111 )
BitDefender: Trojan.Generic.7354776
K7GW: Trojan-Downloader ( 004df1111 )
Cybereason: malicious.1f2ae1
Cyren: W32/A-0cff4a16!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Kryptik-GZY [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Vilsel.bjqdhm
Ad-Aware: Trojan.Generic.7354776
Emsisoft: Trojan.Generic.7354776 (B)
Comodo: TrojWare.Win32.Kryptik.ZJD@4mvh7s
F-Secure: Trojan.TR/Crypt.ZPACK.Gen8
DrWeb: Trojan.Siggen3.53918
McAfee-GW-Edition: BehavesLike.Win32.Generic.nc
Sophos: Mal/Generic-R + Troj/Dwnldr-JRS
GData: Trojan.Generic.7354776
Jiangmin: Trojan/Vilsel.zvg
Avira: TR/Crypt.ZPACK.Gen8
Antiy-AVL: Trojan/Win32.Vilsel
Arcabit: Trojan.Generic.D703998
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanDownloader:Win32/Ufraie.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Vilsel.R21068
McAfee: FakeAlert-FBJ!DDD0BDC1F2AE
MAX: malware (ai score=99)
VBA32: Trojan.Downloader
Cylance: Unsafe
Panda: Generic Malware
ESET-NOD32: Win32/TrojanDownloader.Ufraie.B
Rising: Downloader.Ufraie!8.CAA (CLOUD)
Yandex: Trojan.GenAsa!aqPy0w5DEwk
Fortinet: W32/Kryptik.ZJD!tr
BitDefenderTheta: Gen:NN.ZexaF.34804.gmKfa0mX@7di
AVG: Win32:Kryptik-GZY [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.214

How to remove TrojanDownloader:Win32/Ufraie.A?

TrojanDownloader:Win32/Ufraie.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

The browser reset step matters for this sample because it attempts to modify proxy settings; after the reset, confirm that no proxy server is configured unless your network requires one.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.