SecurityHome.eu TrojanDownloader:Win32/Wosamereen.A

Home / malware PDF

TrojanDownloader:Win32/Wosamereen.A

First posted on 04 February 2015.
Source: Microsoft
Aliases :
There are no other names known for TrojanDownloader:Win32/Wosamereen.A.
Explanation :
Threat behavior

Installation

This threat installs itself to a random folder using a random file name. We have seen it use the file name mpsvc.exe.

A top level window with the title WMEncSaver could indicate an infection with this threat.

Payload

Downloads malware

This threat can download files, including other malware onto your PC.

We have seen it connect to the following domains, however these domains were not hosting malware at the time of analysis:

103.245.209.125

23116549.at.webry.info/201310/

blog.goo.ne.jp/bnmhjklu/e/

takayata.exblog.jp/20679521

Analysis by Zarestel Ferrer

Symptoms

The following can indicate that you have this threat on your PC:

You have this top level window:

WMEncSaver

Last update 04 February 2015

TOP

Malware :

Last 20

Family:

TrojanDownloader:Win32/Wosamereen.A