
W97M.Downloader.F


First posted on 27 February 2016.
Source: Symantec

Aliases:

There are no other names known for W97M.Downloader.F.

Explanation:

W97M.Downloader.F is a malicious macro that may arrive as a Word document attachment in spam emails.

When the Word document is opened, the macro attempts to download and execute a potentially malicious file from the following remote locations:
ekateh.ru/media/images/76tg654viun76b
autoshara.com.ua/system/logs/76tg654viun76b
www.westport.in/vqmod/xml/76tg654viun76b

The Trojan saves the downloaded file to the following location and then executes it:
%Temp%\palec32.exe

Note: At the time of analysis the downloaded file was Trojan.Cridex.

Last update 27 February 2016

 
