Trojan:Win32/Mediyes.E
First posted on 31 May 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Mediyes.E.
Explanation:
Trojan:Win32/Mediyes.E is a trojan that can send system information about your computer to a remote server for collection by an attacker. The trojan could download additional malicious files and execute them on your computer.
Installation
This trojan may be present as a randomly named file in the Windows system folder, such as "jpgm9nq6.dll", "jpgqldx7.dll" and so on.
Payload
Downloads other files
Trojan:Win32/Mediyes.E steals system information such as the following:
- The MAC address of the network adapter
- The hard disk drive serial number
- The Windows serial number
The trojan attempts to connect to a remote server to perform these actions:
- Download a configuration file
- Send installation details and stolen system information
- Download additional malware
Additional information
The trojan communicates with other components of Win32/Mediyes via a Named Device Object "\\.\Global\SysEvtC". It is also injected into the web browser process, for example "iexplore.exe", "firefox.exe" and "chrome.exe", so it will run as a hidden process.
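A triage sketch built on the indicators described above (a DLL in the system folder loaded into a browser, and a handle to the "SysEvtC" device object). This is an added example, not part of the original write-up: the `jpg` plus five characters name pattern is an assumption generalised from the two sample names, the system folder paths are assumed defaults, and the process inventory is constructed.

```python
import ntpath
import re

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}  # named on the page
DEVICE_LEAF = "sysevtc"  # last component of \\.\Global\SysEvtC, lower-cased
# Assumption: generalises the page's two sample names ("jpg" + 5 letters/digits).
DLL_NAME = re.compile(r"^jpg[a-z0-9]{5}\.dll$", re.IGNORECASE)
# Assumption: default system folder locations.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def suspicious_module(path):
    """True for a DLL in the system folder whose name fits the sample pattern."""
    folder, name = ntpath.split(path)
    return folder.lower() in SYSTEM_DIRS and bool(DLL_NAME.match(name))


def triage(processes):
    """Return {pid: [reasons]} for processes that show the page's indicators."""
    findings = {}
    for proc in processes:
        reasons = []
        image = ntpath.basename(proc["image"]).lower()
        for mod in proc.get("modules", []):
            if suspicious_module(mod):
                kind = "browser" if image in BROWSERS else "process"
                reasons.append(f"{kind} {image} loaded {mod}")
        for obj in proc.get("handles", []):
            # Compare the object's last path component, whatever namespace
            # prefix the inventory tool reports.
            if obj.rsplit("\\", 1)[-1].lower() == DEVICE_LEAF:
                reasons.append(f"{image} holds a handle to {obj}")
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


# Constructed inventory for illustration (not real telemetry).
SAMPLE = [
    {"pid": 1200, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "modules": [r"C:\Windows\System32\kernel32.dll",
                 r"C:\Windows\System32\jpgm9nq6.dll"],
     "handles": [r"\Device\SysEvtC"]},
    {"pid": 1300, "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "modules": [r"C:\Windows\System32\user32.dll"], "handles": []},
    {"pid": 1400, "image": r"C:\Windows\System32\svchost.exe",
     "modules": [], "handles": [r"\\.\Global\SysEvtC"]},
]
```

A name match alone is weak evidence; the handle to the device object in a second process is what ties a hit to the other Win32/Mediyes components the page mentions.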
Analysis by Alden Pornasdoro
Last update 31 May 2012