Trojan:Win32/Meroweq.A
First posted on 26 May 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Meroweq.A is also known as W32/XtremeRat.C (Norman), BKDR_BREUT.A (Trend Micro).
Explanation :
Trojan:Win32/Meroweq.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Meroweq.A creates the following files on an affected computer:
- %Temp%\_%mpsxnpcnns.bin
- %Temp%\google cache.exe - detected as Trojan:Win32/Meroweq.A
- %Temp%\macaddresschanger.exe
- %Temp%\svhost.exe - detected as Trojan:Win32/Meroweq.A
- <startup folder>\(empty).lnk
Payload
Contacts remote host
Trojan:Win32/Meroweq.A may contact a remote host at 216.6.0.28 using port 80. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
Additional information
In the wild, Trojan:Win32/Meroweq.A has been included in packages made available on peer-to-peer sharing sites or download sites. The packages may have the following names:
- MACAddressChanger
- Malformed Screensaver
Analysis by Ding Plazo
Last update 26 May 2012