Categories: Trojan

About “Trojan.Meredrop.A7” infection

The Trojan.Meredrop.A7 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Meredrop.A7 virus can do?

Performs HTTP requests potentially not found in PCAP.
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
CAPE detected the embedded pe malware family
Attempts to modify proxy settings
Touches a file containing cookies, possibly for information gathering
Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan.Meredrop.A7?


File Info:
name: 758F55EF4883A66BBDCD.mlwpath: /opt/CAPEv2/storage/binaries/2173450992a5e7140e0aecd4570bc63e0591d9cbe55441be26c31d34a627a109crc32: 464162FBmd5: 758f55ef4883a66bbdcd345f4bfa1b18sha1: a6507b9385cbcd4ca9c5344af586153e3d5e7919sha256: 2173450992a5e7140e0aecd4570bc63e0591d9cbe55441be26c31d34a627a109sha512: a1faa1a7e9f89d7cb1b570deecbdbba9943c6d376fcbb32bb9e45c7863ebc417d8c1acc6b7c3e5b13d4cddde99ac8ec2d22bf31a72b736b2ecef14bdb40351cfssdeep: 24576:FriUuutDhucUgW60deRJVGDjiVDCluTsFFNRpT9hZggNcWaVB7z9OIu4d1KCHSbO:FrvDUuZFDCQT2DpN/hOnruyJHSq3type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T14BB59F01F541C0B6D69E013105BB2779EEB89B520B35CAC3A7A4DDBDDE333D1993622Asha3_384: 28aa354e344dc8379e5252b6835228293799a9200d7bfcbfb7bd272c63961ba62c3c7dde2028952f4848753adb61f172ep_bytes: 558bec6aff68887d61006880d8460064timestamp: 2010-07-07 04:46:51
Version Info:
FileVersion: 1.0.0.0FileDescription: 易语言程序ProductName: DNF辅助工具ProductVersion: 1.0.0.0CompanyName: xtLegalCopyright: 禁止模仿Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

Trojan.Meredrop.A7 also known as:

Bkav	W32.AIDetectMalware
AVG	Win32:TrojanX-gen [Trj]
tehtris	Generic.Malware
DrWeb	Trojan.PWS.Wsgame.28041
MicroWorld-eScan	Gen:Heur.PWSIME.3
FireEye	Generic.mg.758f55ef4883a66b
CAT-QuickHeal	Trojan.Meredrop.A7
Skyhigh	BehavesLike.Win32.Generic.vm
McAfee	GenericRXAB-NT!758F55EF4883
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Dropper.Agent.Win32.49461
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Password-Stealer ( 000174511 )
Alibaba	RiskWare:Win32/IMEStartup.4385dbdc
K7GW	Password-Stealer ( 000174511 )
CrowdStrike	win/malicious_confidence_70% (W)
BitDefenderTheta	Gen:NN.ZexaF.36802.ps0@a487tUhb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/PSW.QQTen.NAN
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Dropper.Detected-10008752-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Heur.PWSIME.3
Avast	Win32:TrojanX-gen [Trj]
Emsisoft	Gen:Heur.PWSIME.3 (B)
F-Secure	Trojan:W32/DelfInject.R
Baidu	Win32.Trojan.FakeIME.d
VIPRE	Gen:Heur.PWSIME.3
TrendMicro	TROJ_GEN.R002C0PB824
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Agent.ampo
Webroot	W32.Heuristic.Gen
Google	Detected
Antiy-AVL	Trojan[GameThief]/Win32.OnLineGames
Kingsoft	Win32.Troj.Undef.a
Microsoft	Trojan:Win32/Wacatac.B!ml
Xcitium	Worm.Win32.Dropper.RA@1qraug
Arcabit	Trojan.PWSIME.3
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Win32.Trojan.PSE.1CKVCT4
Varist	W32/OnlineGames.HH.gen!Eldorado
TACHYON	Trojan-Dropper/W32.Agent.2347008.G
VBA32	TScope.Malware-Cryptor.SB
Cylance	unsafe
Panda	Generic Malware
TrendMicro-HouseCall	TROJ_GEN.R002C0PB824
Rising	Stealer.QQPass!1.648F (CLASSIC)
Ikarus	Trojan.Win32.Agent
MaxSecure	Dropper.Dinwod.frindll
Fortinet	W32/CoinMiner.PHP!tr
DeepInstinct	MALICIOUS
alibabacloud	RiskWare:Win/QQTen.NAN