Collection of Upatre Samples (alpha version)

Config File for 14f4b7ee965e256030f017a1002265c4

md5: 14f4b7ee965e256030f017a1002265c4
source: n/a
link: n/a
malware_name: realxlag.exe
temp_file: RealInstallTemp.log
scandate: 0000-00-00 00:00:00
parsed: 2015-07-06 21:21:54
decrypt_keys: 3a149de2
check_keys: 6a311b38
c2_server: 188.120.194.101
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 8
nr_payloads: 1
ksa: rol
pdir: 12
delivered payloads:
1. 2925baf42d6527e09b4e9df902c6dd3a
downloaded: 2015-07-06 21:21:54
scanned (on VT): 2015-06-19 20:37:48
positives: 37 / 57
detected as:
MicroWorld-eScan: Gen:Variant.Dyzap.16
CAT-QuickHeal: Backdoor.NetWiredRC.B4
Malwarebytes: Spyware.Dyre
BitDefender: Gen:Variant.Dyzap.16
K7GW: Trojan ( 004c523f1 )
K7AntiVirus: Trojan ( 004c523f1 )
F-Prot: W32/Dropper.gen8!Maximus
Symantec: WS.Reputation.1
ESET-NOD32: Win32/TrojanDropper.Sikutan.C
Avast: Win64:Malware-gen
Kaspersky: Trojan-Banker.Win32.Dyre.ms
NANO-Antivirus: Trojan.Win32.Yarwi.dsqlzx
ByteHero: Virus.Win32.Part.c
Ad-Aware: Gen:Variant.Dyzap.16
Sophos: Troj/Agent-ANOU
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Variant.Dyzap.16
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
McAfee-GW-Edition: BehavesLike.Win32.CryptDoma.jc
Emsisoft: Gen:Variant.Dyzap.16 (B)
Cyren: W64/Trojan.EOPK-2648
Jiangmin: Trojan/Banker.Dyre.bq
Avira: W32/Etap
Fortinet: W32/Agent.ANOU!tr
Antiy-AVL: Trojan/Win32.SGeneric
AhnLab-V3: Trojan/Win32.Battdil
Microsoft: TrojanDownloader:Win32/Upatre.BL
McAfee: Artemis!7153412981C3
AVware: BehavesLike.Win32.Malware.bsf (vs)
VBA32: suspected of Trojan.Downloader.gen.h
Panda: Trj/Genetic.gen
Tencent: Trojan.Win32.Qudamah.Gen.7
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Dyzap.16
AVG: Generic_r.FEN
Baidu-International: Trojan.Win32.Banker.ms
Qihoo-360: Win32/Trojan.c2d
not detected by:
Bkav, nProtect, CMC, ALYac, Zillya, TheHacker, Agnitum, TrendMicro-HouseCall, ClamAV, Alibaba, ViRobot, AegisLab, Rising, DrWeb, TrendMicro, Kingsoft, Arcabit, SUPERAntiSpyware, TotalDefense, Zoner
delivery sites (number, URL, md5 of payload retrieved where one was obtained):
1. https://194.106.166.22/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
2. https://96.46.99.215/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
3. https://95.143.130.63/arh12.zip
4. https://178.222.250.35/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
5. https://94.154.107.172/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
6. https://104.36.232.219/arh12.zip
7. https://79.101.42.247/arh12.zip
8. https://188.255.249.28/arh12.zip
9. https://188.255.147.104/arh12.zip
10. https://188.255.168.97/arh12.zip
11. https://64.203.121.6/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
12. https://188.255.236.184/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
13. https://75.98.158.55/arh12.zip
14. https://75.98.149.138/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a
15. https://104.174.123.66/arh12.zip  2925baf42d6527e09b4e9df902c6dd3a