First posted on 09 November 2017.
Source: Microsoft

Aliases:

There are no other names known for PWS:Win32/Emotet.E.

Explanation:


This threat is installed by Trojan:Win32/Emotet.C.

It creates the following file on your PC:

  • %APPDATA%\mailpv.exe (detected as HackTool:Win32/Mailpassview)

HackTool:Win32/Mailpassview is deleted once your email account information has been stolen.


Steals your email account user names and passwords

This malware installs HackTool:Win32/Mailpassview onto your PC. This hacktool is run in a hidden window and collects your email credentials before being deleted by the malware.

The malware then connects to one of the following remote servers to send the stolen information:
  • bardubar.com///smtp.php
  • bigbrotherswhitecarsite.eu///smtp.php
  • likesomthingstrongandculture.eu///smtp.php

The stolen email credentials are then used for sending spam emails that spread malware in the Win32/Emotet family.
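
The following triage sketch is an added example, not Microsoft's code. It correlates file and web-proxy telemetry against the indicators above; because the hacktool is deleted after the theft, a machine with no mailpv.exe on disk is not cleared. The event tuples, machine names, the http scheme and the `x/y` path segments are constructed assumptions, and since the middle of each URL is not shown on this page, only the host and the final `smtp.php` component are matched.

```python
import re
from urllib.parse import urlsplit

# Hosts listed in the write-up above.
C2_HOSTS = {"bardubar.com", "bigbrotherswhitecarsite.eu",
            "likesomthingstrongandculture.eu"}
# Assumption: %APPDATA% expands to C:\Users\<user>\AppData\Roaming.
DROP_PATH = re.compile(r"\\users\\[^\\]+\\appdata\\roaming\\mailpv\.exe$", re.I)

def is_c2_url(url):
    """True when the URL targets a listed host and its last component is smtp.php."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    last = parts.path.rstrip("/").rsplit("/", 1)[-1].lower()
    return host in C2_HOSTS and last == "smtp.php"

def triage(events):
    """Map each machine to the behaviours observed: 'drop', 'delete', 'c2'."""
    seen = {}
    for machine, kind, value in events:
        if kind in ("file_create", "file_delete") and DROP_PATH.search(value):
            tag = "drop" if kind == "file_create" else "delete"
            seen.setdefault(machine, set()).add(tag)
        elif kind == "http" and is_c2_url(value):
            seen.setdefault(machine, set()).add("c2")
    return seen

def verdict(behaviours):
    """The tool is removed only after the theft, so delete or c2 means stolen."""
    if "c2" in behaviours or "delete" in behaviours:
        return "stolen"
    if "drop" in behaviours:
        return "staged"
    return "clean"

# Constructed sample telemetry: (machine, event kind, path or URL).
SAMPLE = [
    ("WS-01", "file_create", r"C:\Users\alice\AppData\Roaming\mailpv.exe"),
    ("WS-01", "file_delete", r"C:\Users\alice\AppData\Roaming\mailpv.exe"),
    ("WS-01", "http", "http://bardubar.com/x/y/smtp.php"),
    ("WS-02", "file_create", r"C:\Users\bob\AppData\Roaming\mailpv.exe"),
    ("WS-03", "http", "http://example.org/smtp.php"),
    ("WS-04", "file_create", r"C:\Tools\NirSoft\mailpv.exe"),
]

if __name__ == "__main__":
    for machine, behaviours in sorted(triage(SAMPLE).items()):
        print(machine, sorted(behaviours), verdict(behaviours))
```

Mail passwords for any machine reported as `stolen` should be treated as compromised even if a later file scan finds nothing.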

Analysis by HeungSoo (David) Kang

Last update 09 November 2017