TrojanDownloader:O97M/Daoyap.A
First posted on 13 October 2015.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:O97M/Daoyap.A.
Explanation:
Threat behavior
Installation
This threat contains malicious macros that can be embedded in Microsoft Office files. When you open a malicious file, Microsoft Word should show you a security notification to ask whether you want to enable macros. If you enable macros, the threat will run.
We have seen this threat spread as a malicious Excel or Word file that is attached to spam emails as an .xls or .doc file. Example spam emails:
The attached file has a random name, for example:
- Invoice_[0-9]+.doc
- Payments_Deposit.xls
- Sample Spec Order.xls
- [YYYYMMDD][0-9]+.doc
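A mail-gateway or mailbox triage check built on the name shapes listed above might look like the following. This is an added example, not part of the original write-up. The labels, function names and sample attachment names are constructed for illustration, and because the page describes the names as random, a match is a triage hint and not a signature.

```python
import re
from datetime import datetime

# The four name shapes listed on this page, as case-insensitive regexes.
# Labels are hypothetical; they only identify which shape matched.
LURE_PATTERNS = {
    "invoice-numbered": re.compile(r"Invoice_[0-9]+\.doc", re.I),
    "payments-deposit": re.compile(r"Payments_Deposit\.xls", re.I),
    "sample-spec-order": re.compile(r"Sample Spec Order\.xls", re.I),
    "date-numbered": re.compile(r"(?P<date>[0-9]{8})[0-9]+\.doc", re.I),
}

def _is_calendar_date(text):
    """True only if the 8 digits form a real YYYYMMDD date."""
    try:
        datetime.strptime(text, "%Y%m%d")
        return True
    except ValueError:
        return False

def match_lure_name(attachment_name):
    """Return the label of the listed name shape that matches, or None."""
    # Logs may record a full path or padded name; keep only the base name.
    name = re.split(r"[\\/]", attachment_name.strip())[-1]
    for label, pattern in LURE_PATTERNS.items():
        m = pattern.fullmatch(name)  # whole name must match, so .docx is not .doc
        if not m:
            continue
        # [YYYYMMDD] must be a valid date, which cuts noise from arbitrary digit runs.
        if label == "date-numbered" and not _is_calendar_date(m.group("date")):
            continue
        return label
    return None

def triage(names):
    """Map each matching attachment name to the shape it matched."""
    hits = {}
    for n in names:
        label = match_lure_name(n)
        if label:
            hits[n] = label
    return hits

# Constructed sample attachment names (not taken from real mail).
SAMPLE_NAMES = ["Invoice_4471.doc", "2015101300123.doc", "9999999912.doc",
                "Invoice_4471.docx", "C:\\mail\\payments_deposit.XLS", "notes.txt"]

if __name__ == "__main__":
    for name, label in triage(SAMPLE_NAMES).items():
        print(f"{name}: {label}")
```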
Payload
Downloads other malware
The macro tries to download other malware, including PWS:Win32/Dyzap, and saves it in the %TEMP% folder.
We have seen it download malware from the following servers:
- hxxp://dmedei.3x.ro/[...].exe
- hxxp://leezlazarow.com/[...].exe
Analysis by Donna Sibangan
Symptoms
The following can indicate that you have this threat on your PC:
- You have received an email that looks like this:
Last update 13 October 2015