Collection of Upatre Samples (alpha version)

Config File for 55ee74c06ab869c13381b258e7bd3c8c

md5: 55ee74c06ab869c13381b258e7bd3c8c
source: n/a
link: n/a
malware_name: Horizyn.exe
temp_file: HoriLogFC.txt
scandate: 0000-00-00 00:00:00
parsed: 2015-07-06 21:41:17
decrypt_keys: 3a149de2
check_keys: 6a311b38
c2_server: 188.120.194.101
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 8
nr_payloads: 1
ksa: rol
pdir: 11
delivered payloads:
1
  md5: 69ef0446335a39703a5d067d3a2d4ddc
  downloaded: 2015-07-01 11:04:37
  scanned (on VT): 2015-07-01 09:04:46
  positives: 37 / 56
  detected as:
    MicroWorld-eScan: Gen:Variant.Dyzap.16
    CAT-QuickHeal: Backdoor.NetWiredRC.B4
    ALYac: Gen:Variant.Dyzap.16
    Malwarebytes: Spyware.Dyre
    VIPRE: BehavesLike.Win32.Malware.bsf (vs)
    K7GW: Trojan ( 004c523f1 )
    K7AntiVirus: Trojan ( 004c523f1 )
    NANO-Antivirus: Trojan.Win32.Yarwi.dsqlzx
    F-Prot: W32/Dropper.gen8!Maximus
    ESET-NOD32: Win32/TrojanDropper.Sikutan.C
    TrendMicro-HouseCall: TROJ_UPATRE.SM24
    Avast: Win64:Malware-gen
    GData: Gen:Variant.Dyzap.16
    Kaspersky: Trojan-Banker.Win32.Dyre.ms
    BitDefender: Gen:Variant.Dyzap.16
    ByteHero: Virus.Win32.Part.c
    Ad-Aware: Gen:Variant.Dyzap.16
    Emsisoft: Gen:Variant.Dyzap.16 (B)
    Comodo: TrojWare.Win32.PWS.Dyzap.MY
    F-Secure: Gen:Variant.Dyzap.16
    DrWeb: DLOADER.Trojan
    Zillya: Trojan.Dyre.Win32.150
    TrendMicro: TROJ_UPATRE.SM24
    McAfee-GW-Edition: BehavesLike.Win32.CryptDoma.jc
    Sophos: Troj/Agent-ANOU
    Cyren: W64/Trojan.EOPK-2648
    Jiangmin: Trojan/Banker.Dyre.bq
    Avira: W32/Etap
    Antiy-AVL: Trojan/Win32.SGeneric
    Arcabit: Trojan.Dyzap.16
    AhnLab-V3: Trojan/Win32.Battdil
    Microsoft: TrojanDownloader:Win32/Upatre.BL
    AVware: BehavesLike.Win32.Malware.bsf (vs)
    VBA32: suspected of Trojan.Downloader.gen.h
    Ikarus: Trojan.Win32.Crypt
    AVG: Generic_r.FEN
    Panda: Trj/Genetic.gen
  not detected by: Bkav, nProtect, SUPERAntiSpyware, TheHacker, Alibaba, Symantec, ClamAV, Agnitum, ViRobot, Tencent, Kingsoft, AegisLab, TotalDefense, McAfee, Baidu-International, Zoner, Rising, Fortinet, Qihoo-360
delivery sites:
 #  url                                payload md5
 1  https://194.106.166.22/arh11.zip   69ef0446335a39703a5d067d3a2d4ddc
 2  https://96.46.99.215/arh11.zip     69ef0446335a39703a5d067d3a2d4ddc
 3  https://95.143.130.63/arh11.zip
 4  https://178.222.250.35/arh11.zip   69ef0446335a39703a5d067d3a2d4ddc
 5  https://94.154.107.172/arh11.zip   69ef0446335a39703a5d067d3a2d4ddc
 6  https://104.36.232.219/arh11.zip
 7  https://79.101.42.247/arh11.zip
 8  https://188.255.249.28/arh11.zip
 9  https://188.255.147.104/arh11.zip
10  https://188.255.168.97/arh11.zip
11  https://64.203.121.6/arh11.zip     69ef0446335a39703a5d067d3a2d4ddc
12  https://188.255.236.184/arh11.zip  69ef0446335a39703a5d067d3a2d4ddc
13  https://75.98.158.55/arh11.zip
14  https://75.98.149.138/arh11.zip    69ef0446335a39703a5d067d3a2d4ddc
15  https://104.174.123.66/arh11.zip   69ef0446335a39703a5d067d3a2d4ddc