
TrojanDownloader:Win32/Upatre.BD


First posted on 08 May 2015.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:Win32/Upatre.BD.

Explanation:

Threat behavior

Installation
This threat can create a copy of itself in %TEMP% using a random file name, for example %TEMP%\tcp_setup.exe.

Payload


Downloads malware or unwanted software

This threat can connect to the following URLs to download other malware:


We have seen it download threats from the following malware families:

  • Win32/Dyzap
  • Win32/Evotob




Analysis by Patrick Estavillo

Symptoms

The following can indicate that you have this threat on your PC:

  • You see a file similar to:
    • %TEMP%\tcp_setup.exe

Last update 08 May 2015

 
