Win32/Upatre (alias Waski)

#26801 by sysopfb
Fri Sep 25, 2015 4:30 pm

Here's the version the AV companies have dubbed ipatre....

Few upatre samples in attach, payload is Dyre. This one just spins up svchost and overwrites the oep with a push ret or a jmp to the injected code section.

Attachments

upatre.zip

pw:infected
(63.32 KiB) Downloaded 50 times

Username

sysopfb

Posts

Joined

Thu Oct 23, 2014 1:22 am

Contact

Re: Malware collection

#30951 by ikolor
Fri Oct 27, 2017 1:19 pm

thanks
https://www.virustotal.com/#/file/a97f2 ... /detection

Attachments

doc-2.rar

(486.56 KiB) Downloaded 35 times

Username

ikolor

Posts

342

Joined

Thu Jun 05, 2014 2:20 pm

Location

Poland

Re: Malware collection

#30960 by sysopfb
Wed Nov 01, 2017 1:24 am

ikolor wrote:thanks
https://www.virustotal.com/#/file/a97f2 ... /detection

That's an encoded Upatre payload from a campaign in 2015

Username

sysopfb

Posts

Joined

Thu Oct 23, 2014 1:22 am

Contact

Page 3 of 3
23 posts

Return to “Malware”

Display:

Sort by:

Jump to:

Re: Win32/Upatre (alias Waski)

Attachments

Re: Malware collection

Attachments

Re: Malware collection