Collection of Upatre Samples (alpha version)

Config File for 4231d53d875e105792e12133c48a8be5

md5
4231d53d875e105792e12133c48a8be5
source
malwr
link
https://malwr.com/analysis/YTEwNDBhMzBhZmI3NDMwYjliY2IzZmFlMTgzZGQ0OWM/
malware_name
makedopar.exe
temp_file
3780061Log.txt
scandate
2015-06-14 05:46:02
parsed
2015-06-29 20:32:13
decrypt_keys
35274c7f
check_keys
2f779c3f
c2_server
93.185.4.90
baseport
13920
useragent
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
payload_format
reg
old
0
clientip
icanhazip.com
nr_targets
17
nr_delivery_sites
16
nr_delivery_sites_online
6
nr_payloads
1
ksa
dec
pdir
MIS12
delivered payloads:
1
f9ad0833b8e491c7c715b31fa7b4a84a
downloaded
2015-06-26 00:37:29
scanned (on VT)
2015-06-29 12:44:07
positives
28 / 56
detected as
MicroWorld-eScan
Gen:Trojan.Heur.GuW@Iv0l8Sli
Malwarebytes
Spyware.Dyre
F-Prot
W32/Dropper.gen8!Maximus
ESET-NOD32
Win32/Battdil.S
TrendMicro-HouseCall
TROJ_UPATRE.OYPA
Avast
Win64:Evo-gen [Susp]
GData
Gen:Trojan.Heur.GuW@Iv0l8Sli
Kaspersky
Trojan-Downloader.Win32.Upatre.aiaj
BitDefender
Gen:Trojan.Heur.GuW@Iv0l8Sli
NANO-Antivirus
Trojan.Win32.Dyre.dryjzi
ViRobot
Trojan.Win32.Upatre.541696[h]
Ad-Aware
Gen:Trojan.Heur.GuW@Iv0l8Sli
Emsisoft
Gen:Trojan.Heur.GuW@Iv0l8Sli (B)
Comodo
TrojWare.Win32.PWS.Dyzap.MY
F-Secure
Gen:Trojan.Heur.GuW@Iv0l8Sli
DrWeb
DLOADER.Trojan
VIPRE
BehavesLike.Win32.Malware.bsf (vs)
TrendMicro
TROJ_UPATRE.OYPA
Sophos
Troj/UACMe-A
Cyren
W64/Trojan.NRSO-8006
Jiangmin
TrojanDownloader.Upatre.afjh
Avira
W32/Etap
Antiy-AVL
Trojan[Downloader]/Win32.Upatre
Arcabit
Trojan.Heur.EEA0D1
Microsoft
TrojanDropper:Win32/Evotob.C
AVware
BehavesLike.Win32.Malware.bsf (vs)
AVG
Cryptic.EWT.dropper
Panda
Trj/Genetic.gen
not detected by:
Bkav, TotalDefense, nProtect, CAT-QuickHeal, ALYac, Zillya, SUPERAntiSpyware, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, Symantec, ClamAV, Tencent, McAfee-GW-Edition, Kingsoft, AegisLab, AhnLab-V3, ByteHero, McAfee, VBA32, Baidu-International, Zoner, Rising, Ikarus, Fortinet, Qihoo-360
delivery sites:
1
https://91.144.83.19/misi12.png
2
https://212.92.6.123/misi12.png
3
https://195.228.219.230/misi12.png
4
https://176.223.153.138/misi12.png
5
https://216.51.193.145/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
6
https://87.255.64.223/misi12.png
7
https://93.119.102.70/misi12.png
8
https://73.22.119.204/misi12.png
9
https://96.46.103.232/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
10
https://96.46.100.49/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
11
https://96.46.99.183/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
12
https://68.70.242.203/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
13
https://66.215.30.118/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
14
https://96.40.19.168/misi12.png
15
https://107.161.207.151/misi12.png
16
https://216.245.211.242/misi12.png
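The listing above is a flattened dump: alternating key and value lines for the config block, vendor and signature pairs under "detected as", and a numbered delivery-site list in which a payload hash printed under a URL records that the site served that payload (six such entries, matching nr_delivery_sites_online = 6). As an added example, not code from the original collection, the Python below parses a dump in this layout into structured IOCs, cross-checks the dump's own counters against its lists, and exports host:port indicators. The embedded SAMPLE is a constructed, trimmed dump in the same layout: its values are copied from this page, but the two site counters are adjusted to the shortened site list.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed, trimmed dump in the page's layout (alternating key / value lines).
# Values are copied from the page; the two site counters are adjusted to the
# shortened site list so that the consistency checks below are meaningful.
SAMPLE = """md5
4231d53d875e105792e12133c48a8be5
c2_server
93.185.4.90
baseport
13920
useragent
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
nr_delivery_sites
4
nr_delivery_sites_online
2
delivered payloads:
1
f9ad0833b8e491c7c715b31fa7b4a84a
positives
1 / 2
detected as
Kaspersky
Trojan-Downloader.Win32.Upatre.aiaj
not detected by:
Symantec
delivery sites:
1
https://91.144.83.19/misi12.png
2
https://216.51.193.145/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
3
https://87.255.64.223/misi12.png
4
https://96.46.103.232/misi12.png
f9ad0833b8e491c7c715b31fa7b4a84a
"""

def parse_dump(text: str) -> Dict:
    """Split the flattened listing into config, payloads and delivery sites."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i_pay, i_sites = lines.index("delivered payloads:"), lines.index("delivery sites:")
    config = dict(zip(lines[0:i_pay:2], lines[1:i_pay:2]))   # key / value pairs
    payloads, i = [], i_pay + 1
    while i < i_sites:
        p = {"md5": lines[i + 1], "detected": {}}            # lines[i] is the index
        i += 2
        while lines[i] != "detected as":                     # scalar payload fields
            p[lines[i]] = lines[i + 1]
            i += 2
        i += 1
        while lines[i] != "not detected by:":                # vendor / signature pairs
            p["detected"][lines[i]] = lines[i + 1]
            i += 2
        p["not_detected"] = [v.strip() for v in lines[i + 1].split(",")]
        i += 2
        payloads.append(p)
    sites, i = [], i_sites + 1
    while i < len(lines):
        site = {"url": lines[i + 1], "payload_md5": None}    # lines[i] is the index
        i += 2
        if i < len(lines) and MD5_RE.match(lines[i]):        # hash => site served it
            site["payload_md5"], i = lines[i], i + 1
        sites.append(site)
    return {"config": config, "payloads": payloads, "sites": sites}

def check_counters(d: Dict) -> List[str]:
    """Cross-check the dump's own counters against the lists it contains."""
    cfg, problems = d["config"], []
    online = [s for s in d["sites"] if s["payload_md5"]]
    if int(cfg["nr_delivery_sites"]) != len(d["sites"]):
        problems.append("nr_delivery_sites does not match the listed sites")
    if int(cfg["nr_delivery_sites_online"]) != len(online):
        problems.append("nr_delivery_sites_online does not match sites with a payload hash")
    known = {p["md5"] for p in d["payloads"]}
    problems += [f"unlisted payload on {s['url']}" for s in online if s["payload_md5"] not in known]
    for p in d["payloads"]:
        hit, total = (int(x) for x in p["positives"].split("/"))
        if hit != len(p["detected"]) or total != hit + len(p["not_detected"]):
            problems.append(f"positives {p['positives']} disagree with vendor lists for {p['md5']}")
    return problems

def network_iocs(d: Dict) -> List[str]:
    """Host:port indicators for blocklists or netflow hunts. The delivery URLs are
    HTTPS, so the /misi12.png path is invisible on the wire; export the host only."""
    cfg = d["config"]
    iocs = [f"c2 {cfg['c2_server']}:{cfg['baseport']}"]
    for s in d["sites"]:
        u = urlparse(s["url"])
        tag = "served-payload" if s["payload_md5"] else "no-payload-recorded"
        iocs.append(f"delivery {u.hostname}:{u.port or 443} {tag}")
    return iocs
```

Run `check_counters(parse_dump(text))` on a full dump before trusting its counters; a site list that disagrees with nr_delivery_sites_online usually means a truncated or mis-pasted dump. The useragent value is a stock Firefox 37 on Windows 7 x64 string, so it is only useful in combination with the C2 address or port, not as a stand-alone alert.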