TrojanDownloader:Win32/Upatre.BN (file analysis)

TrojanDownloader:Win32/Upatre.BN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the TrojanDownloader:Win32/Upatre.BN virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Rhaeto (Romance)
  • The binary likely contains encrypted or compressed data
  • Looks up the external IP address
  • Mimics icon used for popular non-executable file format
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

checkip.dyndns.org

How to identify TrojanDownloader:Win32/Upatre.BN?

File Info:

crc32: 7E464690
md5: 0716b2fa2249f8f2fc77aacd47bc34e3
name: 0716B2FA2249F8F2FC77AACD47BC34E3.mlw
sha1: 561a5fd9a9179e7c0a186ffe803adaf4be1c245e
sha256: 4f0b44a73eb0bb9467e71f64b4cd7f9d2676455ad96d89a7d604fb09565a39dd
sha512: 15e268c33effb74f92e1f71eca85bbe9ba1140b0255708fd158b510309d9c78085ca949f14f76d6a88a0caa25b4041ae44897ce6245320f79009dd8106d26559
ssdeep: 384:zgOlNwTGCy6sxTi/agtD4eI7zN3rbdDB3XlfYtCL7Xno3TARst:sO8aq7EJN3/d9lx7Xno8Rst
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
InternalName:
FileVersion: 1.1.2.17
CompanyName: WOATEK
LegalTrademarks:
ProductName: WOATEK
ProductVersion: 2.17
FileDescription: WOATEK
OriginalFilename:
Translation: 0x0417 0x04e4

TrojanDownloader:Win32/Upatre.BN also known as:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader15.55787
MicroWorld-eScan: Trojan.Upatre.Gen.3
FireEye: Generic.mg.0716b2fa2249f8f2
CAT-QuickHeal: Trojan.Kadena.B4
ALYac: Trojan.Upatre.Gen.3
Cylance: Unsafe
VIPRE: Trojan-Downloader.Win32.Upatre.tfl (v)
Sangfor: Malware
K7AntiVirus: Trojan-Downloader ( 0055c6c71 )
BitDefender: Trojan.Upatre.Gen.3
K7GW: Trojan-Downloader ( 0055c6c71 )
Cybereason: malicious.a2249f
BitDefenderTheta: Gen:NN.ZexaF.34804.cm1@aKWypZiG
Cyren: W32/S-52cceba6!Eldorado
Symantec: Downloader.Upatre!gen5
TrendMicro-HouseCall: TROJ_UPATRE.SMJV5
Avast: Win32:Malware-gen
ClamAV: Win.Downloader.Upatre-5744092-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: TrojanDownloader:Win32/Kryptik.bb92f03d
NANO-Antivirus: Trojan.Win32.Upatre.duklmx
AegisLab: Trojan.Win32.Upatre.mAdp
Rising: Trojan.Waski!1.A489 (CLASSIC)
Ad-Aware: Trojan.Upatre.Gen.3
Sophos: ML/PE-A + Mal/Upatre-V
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.EMD@5syzmz
F-Secure: Trojan.TR/Crypt.XPACK.Gen
Baidu: Win32.Trojan.Kryptik.ky
Zillya: Downloader.Upatre.Win32.48987
TrendMicro: TROJ_UPATRE.SMJV5
McAfee-GW-Edition: Upatre-FACH!0716B2FA2249
Emsisoft: Trojan.Upatre.Gen.3 (B)
Ikarus: Trojan-Downloader.Win32.Waski
Jiangmin: TrojanDownloader.Upatre.rrn
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan[Downloader]/Win32.Upatre.ebic
Microsoft: TrojanDownloader:Win32/Upatre.BN
Arcabit: Trojan.Upatre.Gen.3
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.Kryptik.CE
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.R159820
Acronis: suspicious
McAfee: Upatre-FACH!0716B2FA2249
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.389665748
Panda: Trj/Genetic.gen
APEX: Malicious
ESET-NOD32: a variant of Win32/Kryptik.DREE
Tencent: Malware.Win32.Gencirc.10b0c44f
Yandex: Trojan.GenAsa!PlaSW1z5p4E
SentinelOne: Static AI – Malicious PE – Downloader
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Kryptik.DQAA!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.9c7

How to remove TrojanDownloader:Win32/Upatre.BN?

TrojanDownloader:Win32/Upatre.BN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.