Upatre – Trojan Downloader

You can get the sample from theZoo.

SHA-256: 1b893ca3b782679b1e5d1afecb75be7bcc145b5da21a30f6c18dbddc9c6de4e7

We can use the behavior analysis from hybrid-analysis. It seems there is no known protection mechanism.

In the strings, there is nothing important other than this base64-encoded string:

…and the imports are not eloquent, but there is our friend GetProcAddress:

Let's open it in IDA: sub_403760 is used to get the necessary Win API functions:

[…]
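The strings triage described above, as an added example that is not code from the original post: it pulls printable strings from a buffer, decodes base64 candidates, and flags API names that point to run-time import resolution. The sample buffer, function names and length thresholds are constructed assumptions, not values taken from the Upatre sample.

```python
import base64
import binascii
import re

# Runs of 6+ printable ASCII bytes, the same idea as the `strings` utility.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Base64 alphabet only, at least 16 characters, optional padding (assumed threshold).
B64_SHAPE = re.compile(rb"^[A-Za-z0-9+/]{16,}={0,2}$")
# API names that indicate imports are resolved at run time.
RESOLVER_APIS = (b"GetProcAddress", b"LoadLibraryA", b"LoadLibraryW")


def extract_strings(data):
    """Return every printable ASCII run found in the raw bytes."""
    return ASCII_RUN.findall(data)


def decode_base64_candidates(strings):
    """Return (encoded, decoded) pairs for strings that decode to printable text."""
    hits = []
    for s in strings:
        if len(s) % 4 or not B64_SHAPE.match(s):
            continue
        try:
            decoded = base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError):
            continue
        # Identifiers that merely fit the alphabet usually decode to binary
        # junk, so keep only results that are printable themselves.
        if decoded and all(0x20 <= b <= 0x7E for b in decoded):
            hits.append((s.decode(), decoded.decode()))
    return hits


def triage(data):
    """Summarise base64 hits and resolver APIs present in the buffer."""
    return {
        "base64": decode_base64_candidates(extract_strings(data)),
        "resolver_apis": [a.decode() for a in RESOLVER_APIS if a in data],
    }


# Constructed sample buffer (not bytes from the Upatre sample).
SAMPLE = (
    b"\x00\x01MZ\x90\x00This program cannot be run in DOS mode.\x00\x00"
    b"GetProcAddress\x00KERNEL32.dll\x00"
    + base64.b64encode(b"constructed-config-value") + b"\x00\xff\xfe"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To run it against a real file, pass the file's bytes to `triage()` inside an isolated analysis VM.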