Win32/Agent.UPF [Threat Name] go to Threat

Win32/Agent.UPF [Threat Variant Name]

Category trojan
Size 61440 B
Detection created Mar 22, 2013
Detection database version 8152
Aliases Trojan.Win32.ShipUp.qcu (Kaspersky)
  VirTool:Win32/Injector.EE (Microsoft)
Short description

Win32/Agent.UPF is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.

Installation

The trojan does not create any copies of itself.


The trojan hooks the following Windows APIs:

  • getaddrinfo (ws2_32.dll)
  • gethostbyname (ws2_32.dll)
Other information

Win32/Agent.UPF is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.


The trojan blocks access to any domains that contain any of the following strings in their name:

  • a3.userdail.ru
  • b2.userdail.ru
  • c6.userdail.ru
  • e.mail.ru
  • google.com
  • google.com.ua
  • google.ru
  • help.mail.ru
  • m.odnoklassniki.ru
  • m.vk.com
  • mail.ru
  • my.mail.ru
  • vk.com
  • www.e.mail.ru
  • www.google.com
  • www.google.com.ua
  • www.google.ru
  • www.odnoklassniki.ru
  • www.yandex.ru

The user may be redirected to one of the following Internet web sites:

  • 91.208.16.246

Please enable Javascript to ensure correct displaying of this content and refresh this page.