Collection of Upatre Samples (alpha version)

Config File for 92310d4a11712d3eec85f706e5ae2771

md5: 92310d4a11712d3eec85f706e5ae2771
source: virusshare
link: download.4n6?sample=110ebc00916e341ea07afc795475c3cbc6aaa18e76b4b13fab9d345eefc0cb1e
malware_name: informix.exe
temp_file: mix_81C.tmp
scandate: 0000-00-00 00:00:00
parsed: 2015-06-29 01:36:01
decrypt_keys: 13d526c1
check_keys: 5d67642b
c2_server: 202.153.35.133
baseport: 9587
useragent: Mazilla/4.0
payload_format: reg
old: 0
clientip:
nr_targets: 2
nr_delivery_sites: 2
nr_delivery_sites_online: 1
nr_payloads: 1
ksa: inc
pdir: 2101us12
delivered payloads:
1 ca8eb497b132df8e6dc66d9871b4b338
downloaded: 2015-06-29 01:36:01
scanned (on VT): 2015-06-28 23:36:07
positives: 31 / 56
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.AuW@IHr7naji
CAT-QuickHeal: Backdoor.NetWiredRC.B4
Malwarebytes: Spyware.Dyre
NANO-Antivirus: Trojan.Win32.Staser.dnmvon
F-Prot: W32/Heuristic-KPP!Eldorado
Symantec: Downloader.Upatre!gm
ESET-NOD32: Win32/TrojanDropper.Agent.QXK
TrendMicro-HouseCall: TSPY_DYRE.SMNC
Avast: Win32:Agent-AVHI [Trj]
GData: Gen:Trojan.Heur.AuW@IHr7naji
Kaspersky: Trojan.Win32.Staser.awwh
BitDefender: Gen:Trojan.Heur.AuW@IHr7naji
Ad-Aware: Gen:Trojan.Heur.AuW@IHr7naji
Sophos: Mal/Upatre-N
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.AuW@IHr7naji
DrWeb: Trojan.Dyre.43
VIPRE: Trojan.Win32.Encpk.agsb (v)
TrendMicro: TSPY_DYRE.SMNC
McAfee-GW-Edition: BehavesLike.Win32.Dropper.gc
Emsisoft: Gen:Trojan.Heur.AuW@IHr7naji (B)
Cyren: W32/Heuristic-KPP!Eldorado
Jiangmin: Trojan/Staser.bgv
Avira: TR/Crypt.EPACK.31037
Arcabit: Trojan.Heur.E242A5
AhnLab-V3: Trojan/Win32.Dyzap
Microsoft: TrojanDropper:Win32/Evotob.B
AVware: Trojan.Win32.Encpk.agsb (v)
VBA32: Heur.Trojan.Hlux
Ikarus: Trojan.Win32.Crypt
AVG: Crypt3.BUEI.dropper
not detected by: Bkav, nProtect, McAfee, Zillya, SUPERAntiSpyware, K7AntiVirus, Alibaba, K7GW, TheHacker, ClamAV, Agnitum, AegisLab, ByteHero, Tencent, Antiy-AVL, Kingsoft, ViRobot, TotalDefense, ALYac, Baidu-International, Zoner, Rising, Fortinet, Panda, Qihoo-360
delivery sites:
1 https://mauriliomusic.com/mandoc/seo12.pdf
2 https://genuinecontact.net/documents/seo12.pdf
ca8eb497b132df8e6dc66d9871b4b338