Trojan:Win32/Merca.A malicious file

Trojan:Win32/Merca.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Merca.A virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Detects Bochs through the presence of a registry key
  • Checks the version of the BIOS, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Trojan:Win32/Merca.A?


File Info:

name: 8D46EE2D141176E9543D.mlw
path: /opt/CAPEv2/storage/binaries/e7ef341ad0b17df0b35c191edaa77c0abf2da0d20238cf1e594aa9d0805d3f39
crc32: D3D0F3B5
md5: 8d46ee2d141176e9543dea9bf1c079c8
sha1: 810c8cc0a3eb6e52e42f97ad6dfe511694952989
sha256: e7ef341ad0b17df0b35c191edaa77c0abf2da0d20238cf1e594aa9d0805d3f39
sha512: 770294907911a611674c4b50a23616ddc093ac296581c7424064451b8a85ce207f9a3cdde886fb5eca694abeab4bc737c3f368d87abbc0be91d25e658f619ad6
ssdeep: 49152:CAOD/z+Sf25a2UhSAilFOOwpC6HglLOyThcc3eFiy0p8NJU8iTA7GTR8:C9FOwyLORc3eFM888ik7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T151169F17B288567BD96F0B324837DD949A3DB7A02E1A9C0B57F01D0CCF39E432A26756
sha3_384: f09bcd9079e329242d5530a30816f3883780f1e38db7e6475680dee05721970be19f508281724c1a4a12831f230e3419
ep_bytes: 558bec83c4f0b808201201e80403d3ff
timestamp: 2016-06-07 12:01:47

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Trojan:Win32/Merca.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
Elastic: Windows.Trojan.Trickbot
MicroWorld-eScan: Trojan.GenericKD.49196903
McAfee: GenericR-HYF!8D46EE2D1411
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.964641
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Banker.39e9e996
K7GW: Trojan ( 004bcce41 )
K7AntiVirus: Trojan ( 004bcce41 )
VirIT: Trojan.Win32.Genus.KAL
ESET-NOD32: a variant of Win32/Spy.Banker.ADCK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.nevyew
BitDefender: Trojan.GenericKD.49196903
NANO-Antivirus: Trojan.Win32.CXAD8329.eeirip
Avast: Win32:Malware-gen
Rising: Trojan.Merca!8.D899 (TFE:5:9jK4ymMHN3J)
Ad-Aware: Trojan.GenericKD.49196903
Emsisoft: Trojan.GenericKD.49196903 (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
VIPRE: Trojan.GenericKD.49196903
TrendMicro: TROJ_ERCAD.A
McAfee-GW-Edition: BehavesLike.Win32.Generic.rh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.8d46ee2d141176e9
Sophos: Mal/Generic-R + Troj/Agent-ATFW
Ikarus: Trojan-Banker.Win32.Banker
GData: Trojan.GenericKD.49196903
Jiangmin: Trojan.Generic.acbvh
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Kingsoft: Win32.Troj.Agent.(kcloud)
Arcabit: Trojan.Generic.D2EEAF67
ZoneAlarm: Trojan.Win32.Agent.nevyew
Microsoft: Trojan:Win32/Merca.A
Cynet: Malicious (score: 100)
Acronis: suspicious
ALYac: Trojan.GenericKD.49196903
MAX: malware (ai score=99)
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.AI.3735310591
TrendMicro-HouseCall: TROJ_ERCAD.A
Tencent: Win32.Trojan.Agent.Tsmw
Yandex: Trojan.GenAsa!xo0YwLP9Kwk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Delf.OKU!tr
BitDefenderTheta: Gen:NN.ZelphiF.34698.@p0@ayxqZXhi
AVG: Win32:Malware-gen
Cybereason: malicious.d14117
Panda: Trj/GdSda.A

How to remove Trojan:Win32/Merca.A?

Trojan:Win32/Merca.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
