Win32/Miep [Threat Name]
Win32/Miep.A [Threat Variant Name]
Category | trojan |
Size | 31232 B |
Aliases | TrojanSpy:Win32/Lurk.E (Microsoft) |
 | Trojan.Filurkes (Symantec) |
 | Win32:Lurk-D (Avast) |
Short description
Win32/Miep.A is a trojan which tries to download other malware from the Internet.
Installation
When executed, the trojan copies itself into the following location:
- %temp%\%variable%.tmp
A string with variable content is used instead of %variable%.
The following Registry entries are created:
- [HKEY_CURRENT_USER\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InProcServer32]
- "(Default)" = "%temp%\%variable%.tmp"
- "ThreadingModel" = "Both"
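A defender-side check for the registry entry described above, as an added example that is not the vendor's code: it walks the current user's HKCU\Software\Classes\CLSID keys and reports any InProcServer32 default value that points at a .tmp file under %temp%. The function names are hypothetical, and the match assumes $env:TEMP is written in the same form (long or 8.3) as the registry value.

```powershell
# Added example (not vendor code): triage check against the current user's hive.
$ReportedClsid = '{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}'   # CLSID from the description above

function Test-TempTmpPath {
    # True when $Path resolves to a .tmp file located under the user's temp directory.
    param([string]$Path, [string]$TempDir = $env:TEMP)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).Trim('"', ' ')
    $prefix   = $TempDir.TrimEnd('\') + '\'
    return $expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -and
           $expanded.EndsWith('.tmp', [StringComparison]::OrdinalIgnoreCase)
}

function Find-PerUserInprocInTemp {
    # Walks every CLSID registered under HKCU and emits one object per
    # InProcServer32 key whose "(Default)" value is a .tmp file in %temp%.
    $root = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($clsidKey in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $server = $clsidKey.OpenSubKey('InProcServer32')
        if ($null -eq $server) { continue }
        try {
            $dll = [string]$server.GetValue('')   # empty name = "(Default)" value
            if (-not (Test-TempTmpPath -Path $dll)) { continue }
            $file   = [Environment]::ExpandEnvironmentVariables($dll).Trim('"', ' ')
            $exists = Test-Path -LiteralPath $file -PathType Leaf
            [pscustomobject]@{
                Clsid          = $clsidKey.PSChildName
                ReportedClsid  = ($clsidKey.PSChildName -ieq $ReportedClsid)
                InProcServer32 = $dll
                ThreadingModel = $server.GetValue('ThreadingModel')
                FileExists     = $exists
                # Hash the file (if still present) so it can be compared or submitted.
                SHA256         = if ($exists) {
                    (Get-FileHash -LiteralPath $file -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                } else { $null }
            }
        } finally {
            $server.Close()
        }
    }
}

Find-PerUserInprocInTemp | Format-List
```

The check covers only the hive of the user running it; other profiles on the machine need the same check run in their own context.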
The trojan can create and run a new thread with its own program code within the following processes:
- iexplore.exe
- firefox.exe
The trojan quits immediately if it detects certain security applications running.
Information stealing
Win32/Miep.A is a trojan that steals sensitive information.
The trojan collects the following information:
- installed firewall application
- antivirus software detected on the affected machine
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan contains a list of 3 URLs.
It tries to download a file from these addresses.
The file is executed as a thread in the following process:
- iexplore.exe
The HTTP protocol is used.