Type: Trojan

Beware of an email scam involving the Trojan This email scam consists of an email claiming to originate from DHL, the popular international courier service. This fraudulent email will try to convince the victim that there is a shipment on the way and that an attached file should be opened in order to track the package and obtain more information on the shipment. However, opening the attached file contained in this bogus email from DHL will cause the victim's computer to become infected with the Trojan. It is easy to become fooled by this email scam, because the criminals behind have managed to spoof an email address that looks quite authentic, appearing to originate from an official DHL server. It is because of this that ESG malware analysts strongly recommend never opening links or downloading attachments contained in unexpected emails, even if they appear to come from a legitimate source.


The fake email from DHL is a fairly passable imitation of legitimate emails from this courier company. It also contains links to the official, legitimate DHL website. The language within this email is also pretty typical of official emails from this company. This is why caution should be exercised when dealing with unexpected emails. Even then, it is highly unlikely that a legitimate email from DHL would prompt a user to open an attached file in order to receive more information on a particular shipment. These kinds of practices should trigger your alarms, since they are typical of how most phishing scams and email frauds operate on a computer.


The Trojan contained in this fake DHL email,, also detected as Win-Trojan/Obfuscated.Gen, is a fairly typical backdoor Trojan. is designed to take over your computer system, connect to a remote server and put your computer system in the hands of a criminal. Using the infection, a hacker can control your computer system remotely. This level of unauthorized control can be used to perform illegal acts involving the infected computer system. Some examples of activities associated with a infection include using the infected computer to send out spam email (including additional copies of the fake DHL email scam), using the infected machine to perform DDoS attacks on specific targets and to cover up other criminal activities such as child pornography rings or money laundering. Computer users should be certain that their anti-malware software is protecting their systems from the Trojan.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Generic27.BNIO
Fortinet W32/Injector.PRI
Ikarus Trojan-Ransom.Win32.Mbro
AhnLab-V3 Dropper/Win32.Injector
Antiy-AVL Trojan/Win32.Mbro.gen
Sophos W32/VB-FWA
DrWeb Trojan.Packed.22445
Kaspersky Trojan-Ransom.Win32.Mbro.dcw
ClamAV Trojan.Mbro-2
eSafe Win32.Injector.Pri
Avast Win32:Rootkit-gen [Rtk]
NOD32 Win32/MBRlock.D
McAfee W32/Worm-FCF!0E0F3848F352
CAT-QuickHeal TrojanRansom.MBro.dcw

Technical Information

File System Details creates the following file(s):
# File Name MD5 Detection Count
1 uwpwlmeitke.exe 87cc0a0b77a8d837a2a70c20f3bbcc7d 96
2 A0BAA5.exe 8b07fe8f533ab8e02daa3eaae6612e1c 45
3 qprumllxjfyokilbeu.exe c8471ea9a7c40e586ec0f21e40e21e9e 27
4 kagyn.exe d7a2a72bbae0760f4772bffc3ed116d4 13
5 z3CetQZO.exe 476fda6471c874c584725a4f8cab7555 13
6 ahwuo.exe a8b9ddd0d17f35fe5d4c35a89ded2798 6
7 zeruq.exe 81227ea07cd172180698580b41c4e109 6
8 oqaq.exe 12dfa07d9d0d5de46d4681cb0ccee952 5
9 mesoa.exe c631b06107131e1891cf64bcee0f8fc0 4
10 ikaf.exe 42fdfd374f3b6ac6c9621325c5d370bd 3
11 apikndss.exe 0e0f3848f352da113f65e3787df9fc3b 3
12 lozai.exe f4679f83603bc7ae08ab5517d7065ac6 3
13 iqzehy.exe 761eda071af0c7d9841ccc78050ceffb 2
14 ytze.exe 490763428fd9abf379638aae5bccfc41 2
15 eHRFhkpXr.exe 49509701af157a56409774224d99f790 2
16 366F95.exe 1bfef062e53f54d5beb4413ddcc683b0 2
17 msrerkua.scr 95b992ee6f22221c0d9fa482d050b916 2
18 svd.exe 6f022949743f2ea44116cebfdb9ff232 2
19 ekeww.exe 2a2580e77edf6d1a80e49934bb0e1914 1
20 pevoco.exe 8df0c89648bd8eb80c82c63bd9bffcb6 1
21 gyokq.exe 1ac6598d68f7f7c50f9589132c5bb9f0 1
22 svcnost.exe ba9066bb27344c4a74a67f51fc51e258 1
23 yrahiw.exe f47751d13cf32bd1f6d8e6834fdc0865 1
24 xauras.exe e6bda8657f7e1e16755c8037b8620ee2 1
25 UpgradeHelper.exe ad1a6b291341f57a121783a319a3404d 1
26 83ALuOH.exe 40f55b80aa1b8900197904e4494fec4e 1
27 skype.dat 06956b0f41300d476fb83fc63e64bc97 1
28 file.exe 1b116181b38b3b414da02f09ea142e9e 0
More files

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.