TrojanDownloader:Win32/Upatre.AL information

TrojanDownloader:Win32/Upatre.AL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Upatre.AL virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Norwegian (Bokmal)
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Attempts to modify proxy settings

How to identify TrojanDownloader:Win32/Upatre.AL?

File Info:

name: 0982841C09DEDA2F3830.mlw
path: /opt/CAPEv2/storage/binaries/102cddbe4cb8a8b163c9fc386d10e10853f7c457d472959472c6af2de6a0c7e9
crc32: BDFB904C
md5: 0982841c09deda2f3830d39d33dedd56
sha1: 79e356333669d2bd4816de8fe380cf7ba79d7205
sha256: 102cddbe4cb8a8b163c9fc386d10e10853f7c457d472959472c6af2de6a0c7e9
sha512: 921123c30b09f51baa49309c6c4435a3c7b878c8ee95977a1966ef31390371aa3271e73257b1b5242a61f788c2eebd63ea3581103ffadda21542f3d51272354a
ssdeep: 384:cOgYCEKnsh6Tk2ltxUpxifDpkFJ75Jdok5o2b88vn7f/oe9:qF0kfVcokNb88vnD/o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E9A24E097497EB8DE56322B0C836DA014E25729ABA2956CF1C9236067DD33B3913FD1D
sha3_384: 06bcf5b04dc5dc49a5445f81d0fdaca182d907a0c97e5ebe87da6154faa9cdd3f4f85350253ff9a66969f441322895bb
ep_bytes: b8eeff00008d0db033400051e8a5f8ff
timestamp: 2008-06-28 20:44:53

Version Info:

CompanyName: Lavatoch
FileDescription: Lavatoch Inc.
FileVersion: Version 1.0.0.4
InternalName: Lavatoch
LegalCopyright: Copyright by Lavatoch Inc.
OriginalFilename: Lavatoch
Translation: 0x0414 0x04b0

TrojanDownloader:Win32/Upatre.AL also known as:

Lionic: Trojan.Win32.Generic.lZ5Q
Elastic: malicious (high confidence)
DrWeb: Trojan.Upatre.100
MicroWorld-eScan: Trojan.GenericKD.1950285
FireEye: Generic.mg.0982841c09deda2f
CAT-QuickHeal: TrojanDwnldr.Upatre.AA3
McAfee: Upatre-FAAD
Cylance: Unsafe
Sangfor: Trojan.Win32.Staser.apol
K7AntiVirus: Trojan ( 0001140e1 )
Alibaba: TrojanDownloader:Win32/Staser.ea47c465
K7GW: Trojan-Downloader ( 0048f6391 )
Cybereason: malicious.c09ded
BitDefenderTheta: Gen:NN.ZexaF.34606.bm0@aeIbHIiG
VirIT: Trojan.Win32.Generic.DZD
Cyren: W32/Downloader.DTGT-0935
Symantec: Downloader.Upatre!gen5
ESET-NOD32: Win32/TrojanDownloader.Waski.A
TrendMicro-HouseCall: TROJ_UPATRE.YYQL
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Staser.apol
BitDefender: Trojan.GenericKD.1950285
NANO-Antivirus: Trojan.Win32.Upatre.efhacp
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Avast: Win32:Downloader-WIH [Trj]
Tencent: Malware.Win32.Gencirc.114bf634
Ad-Aware: Trojan.GenericKD.1950285
Emsisoft: Trojan.GenericKD.1950285 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Waski.EB@5j320p
Baidu: Win32.Trojan-Downloader.Waski.a
Zillya: Downloader.Waski.Win32.2456
TrendMicro: TROJ_UPATRE.YYQL
McAfee-GW-Edition: BehavesLike.Win32.Trickbot.mm
Sophos: Mal/Generic-R + Troj/Upatre-GR
SentinelOne: Static AI - Malicious PE
GData: Win32.Trojan.Agent.3WZGYJ
Jiangmin: Trojan/Staser.aoh
Webroot: Trojan.Dropper.Gen
Avira: TR/Kryptik.coty
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Staser.ap.(kcloud)
Microsoft: TrojanDownloader:Win32/Upatre.AL
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Kryptik.R122906
VBA32: Trojan.Staser
ALYac: Trojan.GenericKD.1950285
Malwarebytes: Trojan.Upatre
APEX: Malicious
Rising: Trojan.DL.Win32.Upatre.arv (CLASSIC)
Yandex: Trojan.Staser!aWeigLpRpto
Ikarus: Trojan-Downloader.Waski
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Waski.A!tr
AVG: Win32:Downloader-WIH [Trj]
Panda: Trj/WLT.B
CrowdStrike: win/malicious_confidence_60% (W)

How to remove TrojanDownloader:Win32/Upatre.AL?

TrojanDownloader:Win32/Upatre.AL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.