Trojan.Upatre.VKD
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 540 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 41,571 |
| First Seen: | November 2, 2021 |
| Last Seen: | March 31, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Upatre.VKD |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
3b143965e3e4a6c8684bdc597a92bbea
SHA1:
2804b565b7dc72ae5ff92ce6bc7b47b3eee18485
SHA256:
888DF097488303E3BB74E8F88622966BB82D9DF28A9BBE3DF462BDFF929B7F4B
File Size:
36.65 KB, 36652 bytes
|
|
MD5:
e626ccbe5db5327b8bfd7b4da973b67d
SHA1:
055cff549997ac52dd8bd527665021ce10944e1d
SHA256:
B63437D21BE5DB5EF83DC5A8C32B4CE47F7B3F2C5A7F00849412720033AE61A6
File Size:
47.13 KB, 47132 bytes
|
|
MD5:
0e0d816962c382d8348bd81fa7039619
SHA1:
2b4b6f5ef653ac1b69b3969469d0f8b2b24eba35
SHA256:
22D2834E066C25C058E4B69B23D3E10DBC298610E08FF770713EE892995B6DDD
File Size:
37.17 KB, 37172 bytes
|
|
MD5:
ce333abd840d58c032382703f0fdab5b
SHA1:
3cbc9aafecdea9f62a9ef8161aaf8c53f0cb7606
SHA256:
181D77544E2E3ADCE004475B31A80DDD3C4F2C6A114FFE6208222DC2C144CD1C
File Size:
36.39 KB, 36392 bytes
|
|
MD5:
7b2fe495ea65c12ebbf48649e13b0a17
SHA1:
8c3a90cde3ccd621de02030312dcff55e9463246
SHA256:
1A7D9F44586613DA2DE6AF9AA2DADC62D634D39083D2454710F298F4C5E41B61
File Size:
37.97 KB, 37972 bytes
|
Show More
|
MD5:
74c52e4f705480fc69e6b9eb3c87ebc5
SHA1:
60009efb2e97f1e781032e28ff82a0106bea15a2
SHA256:
501DC4DA91856A40FDBB83189B5E1408B6439D1EBC67444184F013B9CD3078C6
File Size:
36.85 KB, 36852 bytes
|
|
MD5:
b186eb06ef2f97351e230e9dfc15c8bc
SHA1:
55fb71e1a6a0ccab9de292bee98b030d2abf5315
SHA256:
28C5D45A501088C7FBE889F0CACD4FDD9A0E26091D5F9A040347E7453657F4A1
File Size:
36.37 KB, 36372 bytes
|
|
MD5:
cce74f04e21f9463046fd816a5fad1e9
SHA1:
a828785f162f788cfc7d870e610aa9749766504e
SHA256:
B583F90531CDF6F09A356EC6D05016478F80F284FB70898A2DD067994E1DE83F
File Size:
40.89 KB, 40892 bytes
|
|
MD5:
64d735d22a16c7b9b01c1e786739982b
SHA1:
80b595544778867c9670df1cfbe35985ede73ef5
SHA256:
8AB84FEF52A2A2162A0EF1565639A7D4581323AFF9A51D5B1798DE75EE4BD246
File Size:
51.53 KB, 51532 bytes
|
|
MD5:
04d67bc5626c70a53ba8c492ed52608b
SHA1:
4eb6840f0c5eb1e9b9da24a8f138b154a6f67abe
SHA256:
99A85E6D87E193AC6119388715538572655892FC5AE82D10C0DF2BE6E56AF0CA
File Size:
49.45 KB, 49452 bytes
|
|
MD5:
ad31bb360b00bbfa560ca72c5d502add
SHA1:
c32e2c4540a4819b99f78dc17f41177a38f2ba05
SHA256:
41031A76511B02AC5488EDF98F2B0EC1D804AE431AB2BDEF19F995819C917318
File Size:
55.89 KB, 55892 bytes
|
|
MD5:
bc0fc257d700d804071ab0ed6b8d917f
SHA1:
9ce6472b78b183ca6c96f86fc03a14dd08bd9e58
SHA256:
646D2272B03E5F4800402268CB392F81B01763D4B5CD7C492B56D0ABDD08B3A8
File Size:
38.23 KB, 38232 bytes
|
|
MD5:
051d7ff12cca69a355f2829b1940b65d
SHA1:
f0700c937e64da5d098b7086d1229611bb8c80b6
SHA256:
9C27BFCEB838ECFAD849E96967849C8E446063177491A510B7D1255A5124853A
File Size:
36.97 KB, 36972 bytes
|
|
MD5:
f981845fd343fefa1601b4e1ac21f5ff
SHA1:
aee5031afe1546a015880870d2f30db23d18b3b0
SHA256:
891E87C4A2AE0A2D27CA9393A3D3A6F70682E5C8150991697F2460DF75F96823
File Size:
39.57 KB, 39572 bytes
|
|
MD5:
7afb472a1c7ae7fced516ae9f5bb0903
SHA1:
d18b449cac9a854f59c95083a8a5056890797fbb
SHA256:
2D62F275DEB5C9E28AD6CF478C9489432F207E365A0813CF6D212D5CA26840B5
File Size:
38.57 KB, 38572 bytes
|
|
MD5:
45125581e78e515a6faf45b9b8236cde
SHA1:
bedb9382ef17ab13116bed7eca59abd47a84ff43
SHA256:
CE8A6834132938D1DA1861390FFE56AB17AB256E00D48045BAFE3A7E046D17C5
File Size:
42.41 KB, 42412 bytes
|
|
MD5:
b1c79531ac787d710c5e9ad132e4904c
SHA1:
6948970bd1cd56fcc13dc2139fc784f30fadb89a
SHA256:
FCA053F6A9892B83479BC3294E789B9AAE2817B6D47F48AB8C437E788B8099D0
File Size:
36.97 KB, 36972 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments | www.tinytask.net |
| File Description | www.tinytask.net |
| File Version | 1, 77, 0, 0 |
| Legal Copyright | Copyright (c) 2019. All Rights Reserved. |
| Original Filename | TinyTask.exe |
| Product Name | TinyTask |
| Product Version | 1, 77, 0, 0 |
File Traits
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 40 |
|---|---|
| Potentially Malicious Blocks: | 30 |
| Whitelisted Blocks: | 10 |
| Unknown Blocks: | 0 |
Visual Map
x
x
x
0
x
x
x
x
x
x
x
x
x
x
x
x
x
x
0
0
0
0
x
x
x
x
x
x
x
x
x
x
0
x
1
x
0
0
0
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Spy.KeyLogger.U
- Upatre.VKD
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Keyboard Access |
|
