SecurityHome.eu Trojan.Tapaoux.C

Home / malware PDF

Trojan.Tapaoux.C

First posted on 12 August 2015.
Source: Symantec
Aliases :
There are no other names known for Trojan.Tapaoux.C.
Explanation :
When the Trojan is executed, it creates the following file: %UserProfile%\Application Data\Microsoft\mspaint2.lnk
This file contains a script that creates the following JavaScript file: %Temp%\u.js
The JavaScript file connects to one of the following remote locations: [http://]www.openofficev.info/decod/unzi[REMOVED][http://]office-revision.com/office2014/zip4/unzi[REMOVED][http://]office-revision.com/office2014/zip3/unzi[REMOVED][http://]www.openofficev.info/decod9/unzi[REMOVED]
The Trojan may then download and execute additional scripts

The Trojan may also open an image stored in the following locations: %UserProfile%\Application Data\letter_rcs.jpg[PATH TO TROJAN]\letter_rcs.jpg
This image includes a message written in Korean.
Last update 12 August 2015

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Trojan.Tapaoux.C