About “Trojan:Win32/Upatre.MA!MTB” infection

Trojan:Win32/Upatre.MA!MTB is Microsoft's detection name for a sample of the Upatre downloader family; several other vendors in the list further down file the same file under Upatre or Waski. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can scan and clean the PC fully during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Upatre.MA!MTB do?

The following behaviours were flagged by the CAPE sandbox signatures when the sample was detonated:
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location

How to identify Trojan:Win32/Upatre.MA!MTB?

File Info:

name: 37CEEB4171D4007B421C.mlw
path: /opt/CAPEv2/storage/binaries/e5f325ab222a46b1d293e8e8c649ee7425f33b563264d76b2d657e3bf4b11f62
crc32: FD9D82BA
md5: 37ceeb4171d4007b421cad823f08469e
sha1: fdb1dd0d9bd96fa124f2a90252acb9130c9c7dd9
sha256: e5f325ab222a46b1d293e8e8c649ee7425f33b563264d76b2d657e3bf4b11f62
sha512: 5980f7cb40dfa104296e78ce8f0a74d494c25e9da34ce79c162b82f9d731a6a7946727918f8bdd020cf04599109f3d94f0d513618ce7719de9a9ee5544d6a5be
ssdeep: 48:ZXUXiz8HKR20fOO6Vrond2vyFSu8x9qjO8AaO/B2nApmwGLjUxTYbCepb6s2oruk:ZX+Q3j6cInZqWDwnumwC4sbCYqk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17481D976BF8A40B7C2B6167746B3594AA6B1BB103F02C25E01098B0558676CD5F7C7C5
sha3_384: fa34311c2203ec5484620b699994ea23ec3afc7d01d03d714ccc258871057b8dbe81e46a153e35e01af898c64f473718
ep_bytes: 8bec81c410ffffffe8000000005b6681
timestamp: 2014-07-07 08:12:37

Version Info:

0: [No Data]
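To turn the File Info block above into a check you can run against a suspect file, here is an added example (not code from the original page, from GridinSoft, or from CAPE). It recomputes the digests the block lists (ssdeep and tlsh are left out because they need third-party libraries), walks the PE headers by hand to recover the compile timestamp and the 16 entry-point bytes, and reports hash hits separately from the weaker look-alike indicators. The sample PE it runs on is a constructed fixture, not the real malware; the assumption that the sandbox printed the timestamp as UTC is labelled in the code.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above (this page's sample).
IOC_HASHES = {
    "md5": "37ceeb4171d4007b421cad823f08469e",
    "sha1": "fdb1dd0d9bd96fa124f2a90252acb9130c9c7dd9",
    "sha256": "e5f325ab222a46b1d293e8e8c649ee7425f33b563264d76b2d657e3bf4b11f62",
}
IOC_EP_BYTES = bytes.fromhex("8bec81c410ffffffe8000000005b6681")
IOC_TIMESTAMP = "2014-07-07 08:12:37"
# Assumption: the sandbox printed the PE TimeDateStamp as UTC.
IOC_EPOCH = int(datetime.strptime(IOC_TIMESTAMP, "%Y-%m-%d %H:%M:%S")
                .replace(tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    """The stdlib digests from the File Info block (ssdeep/tlsh need extra libraries)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_static_info(data: bytes) -> dict:
    """Read TimeDateStamp and the first 16 bytes at the entry point of a PE32 file,
    walking DOS header -> COFF header -> optional header -> section table by hand."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) handled here")
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    ep_bytes = b""
    sect_off = opt_off + opt_size
    for i in range(nsect):  # map the entry-point RVA to a file offset via the section table
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            file_off = rawptr + (ep_rva - vaddr)
            ep_bytes = data[file_off:file_off + 16]
            break
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tds, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
    }


def check_sample(data: bytes) -> dict:
    """Compare one file against the page's indicators. A hash hit identifies this exact
    file; ep_bytes/timestamp hits only say it resembles it, so they are reported separately."""
    hashes, pe = file_hashes(data), pe_static_info(data)
    return {
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "ep_bytes_match": pe["ep_bytes"] == IOC_EP_BYTES.hex(),
        "timestamp_match": pe["timestamp"] == IOC_TIMESTAMP,
        "hashes": hashes,
        "pe": pe,
    }


def build_sample_pe(timestamp: int, ep_code: bytes) -> bytes:
    """Constructed minimal PE32 fixture (not a real program): one .text section at
    RVA 0x1000 backed by file offset 0x200, with the entry point at its start."""
    e_lfanew, opt_size, ep_rva, raw_ptr = 0x40, 224, 0x1000, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0x200, 0, 0, ep_rva)
    opt += b"\0" * (opt_size - len(opt))
    sect = struct.pack("<8sIIII", b".text", 0x200, ep_rva, 0x200, raw_ptr) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers + b"\0" * (raw_ptr - len(headers)) + ep_code + b"\0" * (0x200 - len(ep_code))


if __name__ == "__main__":
    # A look-alike: same entry-point prologue and timestamp as the page's sample, different bytes.
    result = check_sample(build_sample_pe(IOC_EPOCH, IOC_EP_BYTES))
    for key in ("hash_match", "ep_bytes_match", "timestamp_match"):
        print(f"{key}: {result[key]}")
    print(result["pe"])
```

Run against the constructed look-alike, the hash check fails while the entry-point bytes and timestamp both match: that is the point of keeping them apart. The ep_bytes prologue (`mov ebp,esp; add esp,-0xf0; call $+5; pop ebx ...`) and a 2014 compile stamp recur across many Upatre builds and are useful for hunting, but only the full-file digests confirm you are holding this exact sample.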

Trojan:Win32/Upatre.MA!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Gen:Heur.Mint.Gubbins.19
FireEye: Generic.mg.37ceeb4171d4007b
ALYac: Gen:Heur.Mint.Gubbins.19
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0049d22b1 )
K7GW: Trojan-Downloader ( 0049d22b1 )
Cybereason: malicious.171d40
Cyren: W32/Trojan.EIBJ-5084
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.F
APEX: Malicious
ClamAV: Win.Downloader.Upatre-9953299-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.Gubbins.19
NANO-Antivirus: Trojan.Win32.DownLoad3.dceouh
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan-Downloader.Win32.Waski.wbq
Ad-Aware: Gen:Heur.Mint.Gubbins.19
Emsisoft: Gen:Heur.Mint.Gubbins.19 (B)
DrWeb: Trojan.DownLoad3.33795
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Upatre.zt
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Upatre-AS
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.Mint.Gubbins.19
Jiangmin: TrojanDownloader.Generic.bcqm
Avira: TR/Downloader.Gen
MAX: malware (ai score=81)
Microsoft: Trojan:Win32/Upatre.MA!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R120254
Acronis: suspicious
McAfee: GenericATG-FABE!37CEEB4171D4
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.AI.3105117214
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Trojan.Generic@AI.98 (RDMK:FCjAOaJWmLMQK1kq4XFP4w)
Ikarus: Trojan-Downloader.Win32.Waski
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.C!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.aiX@a0Rnurd
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Upatre.MA!MTB?

Trojan:Win32/Upatre.MA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options, then click "Reset".
  • Restart your computer.

Because Upatre is a downloader, the payload it fetched (the dropped binary flagged in the behaviour list above) has to be quarantined as well; run a second scan after the reboot to confirm nothing is re-created.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.