Trojan.Tapaoux.C
First posted on 12 August 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Tapaoux.C.
Explanation:
When the Trojan is executed, it creates the following file:
%UserProfile%\Application Data\Microsoft\mspaint2.lnk
This file contains a script that creates the following JavaScript file:
%Temp%\u.js
The JavaScript file connects to one of the following remote locations:
[http://]www.openofficev.info/decod/unzi[REMOVED]
[http://]office-revision.com/office2014/zip4/unzi[REMOVED]
[http://]office-revision.com/office2014/zip3/unzi[REMOVED]
[http://]www.openofficev.info/decod9/unzi[REMOVED]
The Trojan may then download and execute additional scripts.
The Trojan may also open an image stored in the following locations:
%UserProfile%\Application Data\letter_rcs.jpg
[PATH TO TROJAN]\letter_rcs.jpg
This image includes a message written in Korean.
Last update 12 August 2015