Collection of Upatre Samples (alpha version)

Config File for 765548804940bc4cdab32ae12c7f5847

md5: 765548804940bc4cdab32ae12c7f5847
source: malwr
link: https://malwr.com/analysis/MGM3MTNlM2E5OWU2NDE5Njg2OTQzN2UwZWJiYWU2MDc/
malware_name: serupdate.exe
temp_file: ser73.txt
scandate: 2015-03-05 16:56:39
parsed: 2015-06-25 23:45:43
decrypt_keys: 6285239b
check_keys: 19efb80b
c2_server: 190.111.9.129
baseport: 9587
useragent: Mazilla/5.0
payload_format: reg
old: 0
clientip: checkip.dyndns.org
nr_targets: 3
nr_delivery_sites: 2
nr_delivery_sites_online: 1
nr_payloads: 1
ksa: inc
pdir: 0503us11
delivered payloads:
1. 223a7a7071efa7b501ab97e92594ac46
   downloaded: 2015-06-25 23:45:43
   scanned (on VT): 2015-07-04 08:34:45
   positives: 40 / 56
   detected as:
   MicroWorld-eScan: Gen:Trojan.Heur.FuW@Ijj5sggi
   McAfee: RDN/Generic Dropper!xd
   Malwarebytes: Spyware.Dyre
   Zillya: Trojan.Staser.Win32.4386
   K7GW: Trojan ( 004b00db1 )
   K7AntiVirus: Trojan ( 004b00db1 )
   Agnitum: Trojan.Staser!
   F-Prot: W32/Heuristic-KPP!Eldorado
   Symantec: WS.Reputation.1
   ByteHero: Virus.Win32.Part.a
   TrendMicro-HouseCall: TROJ_BATTDIL.CPA
   Avast: Win64:GenMalicious-CM [Trj]
   Kaspersky: Trojan.Win32.Staser.bitw
   BitDefender: Gen:Trojan.Heur.FuW@Ijj5sggi
   NANO-Antivirus: Trojan.Win32.Staser.dsyusi
   Ad-Aware: Gen:Trojan.Heur.FuW@Ijj5sggi
   Sophos: Troj/Agent-AMHM
   Comodo: TrojWare.Win32.PWS.Dyzap.MY
   F-Secure: Gen:Trojan.Heur.FuW@Ijj5sggi
   DrWeb: Trojan.Dyre.43
   VIPRE: Trojan.Win32.Generic!BT
   TrendMicro: TROJ_BATTDIL.CPA
   McAfee-GW-Edition: RDN/Generic Dropper!xd
   Emsisoft: Gen:Trojan.Heur.FuW@Ijj5sggi (B)
   Cyren: W32/Heuristic-KPP!Eldorado
   Jiangmin: Trojan/Staser.bea
   Avira: TR/Staser.kadd
   Fortinet: W32/Agent.AMHM!tr
   Arcabit: Trojan.Heur.EA1B0B
   AhnLab-V3: Trojan/Win32.Dyzap
   Microsoft: TrojanDropper:Win32/Evotob.B
   AVware: Trojan.Win32.Generic!BT
   VBA32: Trojan.Staser
   Panda: Trj/Genetic.gen
   ESET-NOD32: Win32/TrojanDropper.Agent.QZH
   Ikarus: Trojan.Win32.Crypt
   GData: Gen:Trojan.Heur.FuW@Ijj5sggi
   AVG: SHeur4.CHEM.dropper
   Baidu-International: Trojan.Win32.Staser.bitw
   Qihoo-360: HEUR/QVM20.1.Malware.Gen
   not detected by: Bkav, nProtect, CAT-QuickHeal, AegisLab, TheHacker, Alibaba, ClamAV, ViRobot, Rising, Antiy-AVL, Kingsoft, SUPERAntiSpyware, TotalDefense, ALYac, Zoner, Tencent
delivery sites:
1. https://plan-it-web.co.uk/RSS/css/jusa.pdf
2. https://rsc-salon.de/files/jusa.pdf
223a7a7071efa7b501ab97e92594ac46
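Turning the record above into something a SOC can act on, as an added example (this is not code from the sample collection, and it does not touch the decrypt_keys/check_keys fields, whose use is not described on this page). It assumes the field names mean what they suggest: c2_server/baseport is the beacon endpoint, useragent is the HTTP User-Agent the downloader sends, the delivery sites host the payload, and clientip is the external-IP lookup service. The IOC values are copied from the record; the proxy log lines and the key: value input layout are constructed for the example.

```python
"""Hunt for this Upatre sample's network indicators in proxy logs.

Added example, not code from the sample collection. It assumes the record
fields mean what their names suggest: c2_server/baseport is the beacon
endpoint, useragent is the HTTP User-Agent the downloader sends, the
delivery sites host the payload, and clientip is the external-IP lookup
service. The proxy log lines below are constructed.
"""
import re
from urllib.parse import urlparse

# Fields copied from the record on this page, in the key: value layout this
# example uses for its own input (delivery_site is repeated once per site).
RECORD = """\
md5: 765548804940bc4cdab32ae12c7f5847
c2_server: 190.111.9.129
baseport: 9587
useragent: Mazilla/5.0
clientip: checkip.dyndns.org
delivery_site: https://plan-it-web.co.uk/RSS/css/jusa.pdf
delivery_site: https://rsc-salon.de/files/jusa.pdf
"""


def parse_record(text):
    """Parse 'key: value' lines; repeated delivery_site keys become a list."""
    cfg = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "delivery_site":
            cfg.setdefault("delivery_sites", []).append(value)
        else:
            cfg[key] = value
    return cfg


def indicators(cfg):
    """Reduce the record to the network IOCs a hunter pivots on."""
    return {
        "c2": (cfg["c2_server"], int(cfg["baseport"])),
        # "Mazilla" is the value recorded in the sample, not a typo; the
        # misspelling is exactly what makes it worth matching literally.
        "user_agent": cfg["useragent"],
        "delivery_hosts": {urlparse(u).hostname for u in cfg["delivery_sites"]},
        "ip_check_host": cfg["clientip"],
    }


# Constructed proxy log lines: time src dst:port method uri "user-agent".
PROXY_LOG = [
    '2015-03-05T16:57:01 10.0.0.7 checkip.dyndns.org:80 GET / "Mazilla/5.0"',
    '2015-03-05T16:57:03 10.0.0.7 190.111.9.129:9587 GET / "Mazilla/5.0"',
    '2015-03-05T16:57:05 10.0.0.7 rsc-salon.de:443 GET /files/jusa.pdf "Mazilla/5.0"',
    '2015-03-05T17:10:22 10.0.0.9 checkip.dyndns.org:80 GET / "Mozilla/5.0 (Windows NT 6.1)"',
    '2015-03-05T17:11:00 10.0.0.12 www.example.com:443 GET / "Mozilla/5.0 (Windows NT 6.1)"',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^\s:]+):(?P<port>\d+) '
    r'(?P<method>\S+) (?P<uri>\S+) "(?P<ua>[^"]*)"$'
)

# An external-IP lookup on its own is ordinary traffic; it only raises the
# level when paired with a sample-specific indicator.
STRONG = {"c2", "delivery", "ua"}


def hunt(log_lines, ioc):
    """Return {src_ip: {reasons, lines, level}} for clients matching IOCs."""
    findings = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, port, ua = m["dst"], int(m["port"]), m["ua"]
        reasons = set()
        if (dst, port) == ioc["c2"]:
            reasons.add("c2")
        if dst in ioc["delivery_hosts"]:
            reasons.add("delivery")
        if ua == ioc["user_agent"]:
            reasons.add("ua")
        if dst == ioc["ip_check_host"]:
            reasons.add("ipcheck")
        if not reasons:
            continue
        entry = findings.setdefault(m["src"], {"reasons": set(), "lines": []})
        entry["reasons"] |= reasons
        entry["lines"].append(line)
    for entry in findings.values():
        entry["level"] = "high" if entry["reasons"] & STRONG else "low"
    return findings


if __name__ == "__main__":
    for src, entry in hunt(PROXY_LOG, indicators(parse_record(RECORD))).items():
        print(src, entry["level"], sorted(entry["reasons"]))
```

Run stand-alone it reports 10.0.0.7 as high (C2 port, delivery host and the misspelt User-Agent all seen) and 10.0.0.9 as low (only the checkip.dyndns.org lookup, which many legitimate tools also make). Matching the delivery URL by host rather than full path is deliberate: the same sites were reused with different file names, and a host match survives that.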