Trojan:Win32/Gophe.A
First posted on 13 March 2015.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Gophe.A.
Explanation:
Threat behavior
Installation
This threat can be installed on your PC when you visit a malicious or compromised website. It can also be installed by other malware, including threats in the Win32/Upatre and Win32/Dyzap families.
It creates a BAT file with a random name in %TEMP%, for example, %TEMP%\8972718.bat.
The malware creates this batch file to delete its own copy once it has uploaded stolen information from your PC.
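The installation behaviour above can be hunted in endpoint telemetry. The following is an added detection example, not part of Microsoft's write-up: it correlates Sysmon-style events (ID 11 FileCreate, ID 1 ProcessCreate, IDs 23/26 FileDelete) to find a process that drops a numeric .bat in a Temp directory, has it run, and then has its own image deleted. The digits-only name pattern, the dict event layout and every path in the sample are assumptions made for the example.

```python
import re

# Assumption: the random name is digits only, generalised from the page's
# single example (8972718.bat); widen the pattern if other names turn up.
TEMP_BAT = re.compile(r"\\Temp\\\d+\.bat$", re.IGNORECASE)

def find_self_deleting_droppers(events):
    """Correlate chronologically ordered Sysmon-style events.

    Returns (dropper_image, batch_path) for every process that wrote a
    numeric .bat under a Temp directory, had that .bat executed, and
    then had its own image file deleted.
    """
    dropped = {}      # lowercased batch path -> (creator image, batch path)
    executed = set()  # lowercased batch paths seen on a command line
    hits = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and TEMP_BAT.search(ev["TargetFilename"]):   # FileCreate
            dropped[ev["TargetFilename"].lower()] = (ev["Image"], ev["TargetFilename"])
        elif eid == 1:                                            # ProcessCreate
            cmdline = ev["CommandLine"].lower()
            executed.update(b for b in dropped if b in cmdline)
        elif eid in (23, 26):                                     # FileDelete
            target = ev["TargetFilename"].lower()
            hits += [dropped[b] for b in sorted(executed)
                     if dropped[b][0].lower() == target]
    return hits

# Constructed sample events (not from a real infection); paths are placeholders.
T = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": T + r"\sample_dropper.exe", "TargetFilename": T + r"\8972718.bat"},
    {"EventID": 11, "Image": r"C:\Program Files\App\setup.exe", "TargetFilename": T + r"\install.bat"},
    {"EventID": 11, "Image": r"C:\Tools\build.exe", "TargetFilename": T + r"\4410.bat"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "' + T + r'\8972718.bat"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "' + T + r'\4410.bat"'},
    {"EventID": 23, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": T + r"\sample_dropper.exe"},
]

if __name__ == "__main__":
    for image, bat in find_self_deleting_droppers(SAMPLE_EVENTS):
        print(f"self-deleting dropper: {image} via {bat}")
```

The numeric batch file written by build.exe is not reported because its creator is never deleted; requiring all three steps keeps ordinary installers that use temporary batch files out of the results.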
Payload
Steals your sensitive information
This threat can collect the following information from your Outlook email account:
- Details of your sent and received emails, such as:
- Attachment name
- Subject
- Content
- Email addresses
- User Signature file
- Outlook version
- Windows version
- Outlook Bitness version
The stolen information is then uploaded to a malicious hacker. We have seen this threat contact the following server:
- 176.
.0.58
Analysis by Patrick Estavillo
Symptoms
Alerts from your security software might be the only symptom.
Last update 13 March 2015