Home / malware JS.Nemucod
First posted on 02 December 2015.
Source: SymantecAliases :
There are no other names known for JS.Nemucod.
Explanation :
The Trojan may arrive in spam emails as an attachment. The file usually ends with the extension ".doc.js" or ".pdf.js".
When the Trojan is executed, it connects to a compromised WordPress site and downloads one of the following files: %Temp%\67057318.dll%Temp%\27172347.exe
The Trojan may then execute the file through WShell or Rundll32.exe.Last update 02 December 2015
