TrojanDownloader:Win32/Upatre!pz removal instruction

TrojanDownloader:Win32/Upatre!pz is the Microsoft detection name for a sample that almost every antivirus engine flags as a trojan downloader (see the list of vendor detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can TrojanDownloader:Win32/Upatre!pz do?

The behaviours below are the signatures the CAPEv2 sandbox raised when it ran the sample described in the next section:

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify TrojanDownloader:Win32/Upatre!pz?

File Info:

name: 9554260346B80A8D7E1C.mlw
path: /opt/CAPEv2/storage/binaries/38179771cdb985deedd72cca733d8d293a4f44d61dff2ae193d26c7b2540253f
crc32: B927DC25
md5: 9554260346b80a8d7e1ce2226c357814
sha1: 2c301cad5c9545d1260be9a02d25f65af2d5fd38
sha256: 38179771cdb985deedd72cca733d8d293a4f44d61dff2ae193d26c7b2540253f
sha512: 337d6f2cff22638bd1dd75d0748d2d41b76a76167bc16d1c7bcd948b2fa08e98706c588abda9c0bf6e48f3e2f93a9cbf4d74c3c00f9efe51cb30693d3a4c32c3
ssdeep: 192:0tVNXnwR2bNI65eg80GgYGWEFaBqMthZy/UKKfxNsMMAOma6:0BnwR2xbeZkYt5hI/8xNsua6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14752CD3C6ED61577E37BCAB6C9F641C6FE64B4233901981E90DB03850813F97AD92A1E
sha3_384: 1152947f1cad7b929360fc3b8b0b3acee107c3fc9fa71d0b8a5981f38b5c452a72c6b6498a96440601e9b6b94f46cee4
ep_bytes: 558bec81ec3c04000053565733f656ff
timestamp: 2013-08-29 14:03:58

Version Info:

0: [No Data]
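The behaviour list above names "Overlay data" and an "invalid" Authenticode signature, and the File Info block gives hashes, a compile timestamp and the first entry-point bytes. The script below is an added example, not GridinSoft's code or the CAPEv2 report, that recovers those same static facts from a file's bytes with the Python standard library only, so a reader can confirm that the file they are holding is the one this page describes before acting on any vendor verdict. The PE32 built by `build_sample_pe` is a constructed test input, not the Upatre sample; the certificate-table check only says whether an Authenticode blob is present at all, and a present blob still has to be verified with a real tool (signtool or osslsigncode) before it can be called valid or invalid.

```python
import datetime
import hashlib
import struct

# Values copied from the page's File Info section, used only for comparison.
PAGE_EP_BYTES = "558bec81ec3c04000053565733f656ff"
PAGE_TIMESTAMP = int(datetime.datetime(2013, 8, 29, 14, 3, 58,
                                       tzinfo=datetime.timezone.utc).timestamp())


def parse_pe(data: bytes) -> dict:
    """Read the DOS, COFF and optional headers plus the section table (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+). Entry 4 is the security
    # directory; its "VirtualAddress" is a raw file offset to the Authenticode blob.
    dir_base = opt + (96 if magic == 0x10B else 112)
    cert_off, cert_size = struct.unpack_from("<II", data, dir_base + 4 * 8)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "cert_off": cert_off, "cert_size": cert_size, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    """Map an RVA to a file offset through the section that contains it."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError("RVA %#x is not inside any section" % rva)


def triage(data: bytes) -> dict:
    """Collect the static indicators the page lists, computed from the bytes themselves."""
    pe = parse_pe(data)
    end_of_sections = max((s["rawptr"] + s["rawsize"] for s in pe["sections"]), default=0)
    overlay_size = max(len(data) - end_of_sections, 0)   # bytes past the last section
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    has_cert = pe["cert_off"] != 0 and pe["cert_size"] != 0
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": pe["machine"],                          # 0x14C = Intel 386
        "timestamp": datetime.datetime.fromtimestamp(
            pe["timestamp"], tz=datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "overlay_size": overlay_size,
        # No table means unsigned; a table only means "something to verify".
        "has_cert_table": has_cert,
        "cert_in_overlay": has_cert and pe["cert_off"] >= end_of_sections,
    }


def compare_to_record(report: dict, record: dict) -> list:
    """Return the keys on which the file on disk disagrees with a published record."""
    return [k for k, v in record.items() if report.get(k) != v]


def build_sample_pe(entry_bytes: bytes, timestamp: int, overlay: bytes) -> bytes:
    """Constructed test input: a minimal PE32 with one .text section and an overlay."""
    file_align, opt_size, size_of_headers = 0x200, 0xE0, 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)            # Section/FileAlignment
    struct.pack_into("<I", opt, 60, size_of_headers)                # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    text = entry_bytes.ljust(file_align, b"\xcc")
    section = struct.pack("<8sIIIIIIHHI", b".text", len(entry_bytes), 0x1000,
                          len(text), size_of_headers, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(size_of_headers, b"\0")
    return headers + text + overlay


if __name__ == "__main__":
    sample = build_sample_pe(bytes.fromhex(PAGE_EP_BYTES), PAGE_TIMESTAMP, b"OVERLAY-DATA")
    result = triage(sample)
    for key, value in result.items():
        print("%-16s %s" % (key, value))
    print("differs from page record on:", compare_to_record(result, {"ep_bytes": PAGE_EP_BYTES}))
```

Run `triage` on the real file and feed the page's sha256, ep_bytes and timestamp to `compare_to_record`; an empty list means the file matches this report, while a sha256 mismatch with matching ep_bytes usually means a repacked or otherwise altered variant of the same family, for which the behaviour list above may not hold.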

Detection names other vendors assign to this same sample (TrojanDownloader:Win32/Upatre!pz is the Microsoft name):

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
DrWeb: Trojan.DownLoad3.28161
MicroWorld-eScan: Trojan.GenericKD.69760757
CAT-QuickHeal: TrojanDownlder.Upatre.MUE.A5
Skyhigh: BehavesLike.Win32.Generic.lz
McAfee: GenericRXCU-DG!9554260346B8
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Generic.Win32.125166
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.d5c954
BitDefenderTheta: Gen:NN.ZexaF.36608.auY@amzDlEfi
VirIT: Trojan.Win32.Generic.BLHT
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.A
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Agent-1251908
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKD.69760757
NANO-Antivirus: Trojan.Win32.DownLoad3.emvztu
Avast: Win32:Downloader-WID [Trj]
Tencent: Trojan.Win32.Downloader.wb
Emsisoft: Trojan.GenericKD.69760757 (B)
F-Secure: Trojan.TR/Dropper.Gen
Baidu: Win32.Trojan-Downloader.Waski.k
VIPRE: Trojan.GenericKD.69760757
TrendMicro: TROJ_UPATRE.SMAS
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.9554260346b80a8d
Sophos: Troj/Upatre-YW
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.10H4FHC
Jiangmin: TrojanDownloader.Generic.akum
Varist: W32/Upatre.MR.gen!Eldorado
Avira: TR/Dropper.Gen
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Win32.Waski.a
Kingsoft: malware.kb.a.999
Xcitium: TrojWare.Win32.TrojanDownloader.Small.CDC@8mzsfr
Arcabit: Trojan.Generic.D42876F5
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanDownloader:Win32/Upatre!pz
Google: Detected
AhnLab-V3: Trojan/Win32.Dloader.R87521
Acronis: suspicious
VBA32: Trojan.Download
ALYac: Trojan.GenericKD.69760757
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMAS
Rising: Downloader.Agent!1.E264 (CLASSIC)
Yandex: Trojan.GenAsa!xjw/xZS1BKE
Ikarus: Trojan-Downloader.Win32.Upatre
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Dloader.ADC!tr
AVG: Win32:Downloader-WID [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove TrojanDownloader:Win32/Upatre!pz?

TrojanDownloader:Win32/Upatre!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”. This step undoes the proxy changes listed in the behaviour section above; afterwards, confirm in Internet Options (Connections, LAN settings) that no proxy server and no automatic configuration script is set.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.