About “Trojan:Win32/Shipup.F” infection

Trojan:Win32/Shipup.F is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Shipup.F virus do?

  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Shipup.F?

File Info:

name: 6BA315275561D99B1EB8.mlw
path: /opt/CAPEv2/storage/binaries/a3d488b01d0fb4cf211b8a47e7e0203dbc9c5b8d11221d2d4fefac3c53e6b049
crc32: C29FE9DC
md5: 6ba315275561d99b1eb8fc614ff0b2b3
sha1: 75367d8b506031df5923c2d8d7f1b9f643a123cd
sha256: a3d488b01d0fb4cf211b8a47e7e0203dbc9c5b8d11221d2d4fefac3c53e6b049
sha512: 850c074dd8346aa53e6f9339dca57b67ce1082acbcd4786b5a1e06c28f5c226768196e9670bd46dfe29a6531d135bf22bb7f23c97f362965584d8f16fc1a6e18
ssdeep: 192:XdF29zV+kRkhkgb0IUTfwrwJgAUJD2aZ1ZUWO8ppWR:K9khf0IUUiPU922ZUWO8ppWR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14C124B85BBE4380AF8B2473104F65713152EFC6CDE29D74C95A0B52B3C36BA05A26B62
sha3_384: 0e8f3a27056e5bdccf7d2000594511c9198919c77512107076fa343fb2634fabecfec54d8026f21c73756a1b3e5ef513
ep_bytes: 60be007040008dbe00a0ffff5783cdff
timestamp: 2007-06-12 13:03:38

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Internet Explorer
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: iexplore
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
OriginalFilename: IEXPLORE.EXE
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0000 0x04b0

Trojan:Win32/Shipup.F also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.ShipUp.a!c
MicroWorld-eScan: Trojan.Generic.102377
FireEye: Generic.mg.6ba315275561d99b
Skyhigh: BehavesLike.Win32.Generic.zm
McAfee: Generic.aaf
Cylance: unsafe
VIPRE: Trojan.Generic.102377
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005376ae1 )
Alibaba: TrojanDownloader:Win32/Shipup.862da75c
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.75561d
VirIT: Trojan.Win32.DownLoader.CTYA
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/ShipUp.NAT
APEX: Malicious
TrendMicro-HouseCall: TROJ_SHIPUP.GWT
Kaspersky: Trojan-Downloader.Win32.Small.hhe
BitDefender: Trojan.Generic.102377
NANO-Antivirus: Trojan.Win32.Small.eopotc
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.11a38404
Emsisoft: Trojan.Generic.102377 (B)
Google: Detected
F-Secure: Trojan.TR/ShipUp.F.2
DrWeb: Trojan.DownLoader.48620
Zillya: Downloader.Small.Win32.53984
TrendMicro: TROJ_SHIPUP.GWT
Sophos: Mal/Behav-160
Ikarus: Trojan.Win32.Swisyn
Jiangmin: TrojanDownloader.Small.bdri
Varist: W32/Trojan.UOAR-0860
Avira: TR/ShipUp.F.2
Antiy-AVL: Trojan[APT]/Win32.Apt30
Kingsoft: Win32.Troj.Undef.a
Microsoft: Trojan:Win32/Shipup.F
Xcitium: Malware@#jaho26hwxy0w
Arcabit: Trojan.Generic.D18FE9
ViRobot: Trojan.Win32.ShipUp.9728
ZoneAlarm: Trojan-Downloader.Win32.Small.hhe
GData: Win32.Trojan.Agent.FJJ5IJ
Cynet: Malicious (score: 99)
AhnLab-V3: Downloader/Win32.Small.R15021
BitDefenderTheta: AI:Packer.DF68B8A31D
ALYac: Trojan.Generic.102377
MAX: malware (ai score=100)
VBA32: BScope.TrojanDownloader.Small
Malwarebytes: Malware.AI.3666877376
Panda: Generic Malware
Rising: Trojan.ShipUp!8.C45 (TFE:5:XuogPYwIC7)
Yandex: Trojan.GenAsa!+WPcLNdwymk
Fortinet: W32/Generic.AP.171F696!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan[downloader]:Win/ShipUp.NAT

How to remove Trojan:Win32/Shipup.F?

Trojan:Win32/Shipup.F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.