TrojanDownloader:Win32/Yemrok.A
First posted on 10 December 2013.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:Win32/Yemrok.A.
Explanation:
Threat behavior
TrojanDownloader:Win32/Yemrok.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
Installation
When it runs, TrojanDownloader:Win32/Yemrok.A copies itself to \eeiaea.exe.
Note: refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Payload
Contacts remote hosts
TrojanDownloader:Win32/Yemrok.A may contact the following remote hosts:
- 0.0.0.0 using port 6677
- 199.36.76.95 using port 2305
Commonly, malware may contact a remote host for the following purposes:
- To confirm Internet connectivity
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 3824358df69d8faefff066cdc4fe8f6bc920daee.
Symptoms
System changes
The following could indicate that you have this threat on your PC:
- The presence of the following files:
  \eeiaea.exe
Last update 10 December 2013