TROJ_MEPAOW.IC
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
708,767 bytes
EXE
No
10 Oct 2011
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following files:
- %Program Files%\Common Files\ActiveSync\silhum.dll
- %System%\MSWINSCK.ocx
- %System%\soundnate.wav
- %System%\zlib.dll
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files. %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
It drops the following copies of itself into the affected system:
- %Program Files%\Common Files\ActiveSync\.exe
It creates the following folders:
- %Program Files%\Common Files\ActiveSync
Other Details
This Trojan connects to the following possibly malicious URLs:
- http://blog.{BLOCKED}r.com
- http://{BLOCKED}s.naver.net