Win32/Tagak [Threat Name]

Win32/Tagak.P [Threat Variant Name]

Category: trojan
Detection created: Feb 05, 2015
Signature database version: 11126
Aliases: Trojan.Win32.Yakes.iyhv (Kaspersky)

Short description

Win32/Tagak.P is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The following Registry entries are created:

  • [HKEY_CURRENT_USER\Software\Microsoft\EventSubsystem]

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe

The trojan executes the following commands:

  • CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "%originalmalwarefilepath%"
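
A detection sketch for the command chain listed above, as an added example that is not part of the original description: it flags process-creation command lines in which cmd /c runs SYSTEMINFO repeatedly and then deletes a quoted path. The function names, the min_probes threshold and the sample command lines are assumptions constructed for illustration.

```python
import re

SEP = r"\s*&&\s*"
PROBE = r"systeminfo(?:\.exe)?"
# cmd /c, SYSTEMINFO repeated with &&, then DEL of one quoted path.
TAGAK_CHAIN = re.compile(
    r'^\s*"?(?:[^"]*\\)?cmd(?:\.exe)?"?\s+/c\s+'
    r"(?P<probes>" + PROBE + r"(?:" + SEP + PROBE + r")*)"
    + SEP + r'del\s+"(?P<target>[^"]+)"\s*$',
    re.IGNORECASE,
)


def match_tagak_chain(command_line, min_probes=2):
    """Return probe count and deleted path, or None if the line does not match.

    min_probes is an assumed tuning threshold; the page shows five SYSTEMINFO calls.
    """
    m = TAGAK_CHAIN.match(command_line)
    if not m:
        return None
    probes = len(re.findall(PROBE, m.group("probes"), re.IGNORECASE))
    if probes < min_probes:
        return None
    return {"probes": probes, "deleted_path": m.group("target")}


# Constructed sample command lines (not taken from any real host).
SAMPLE_EVENTS = [
    r'CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO '
    r'&& DEL "C:\Users\alice\AppData\Local\Temp\sample.exe"',
    r'cmd.exe /c systeminfo > C:\temp\inventory.txt',          # admin inventory
    r'"C:\Windows\System32\cmd.exe" /c systeminfo&&systeminfo&&del "C:\Temp\x.exe"',
    r'cmd /c del "C:\Temp\old.log"',                           # plain cleanup
]


def scan(command_lines):
    """Return (index, details) for every command line that matches the chain."""
    hits = []
    for i, line in enumerate(command_lines):
        details = match_tagak_chain(line)
        if details:
            hits.append((i, details))
    return hits


if __name__ == "__main__":
    for i, details in scan(SAMPLE_EVENTS):
        print(i, details)
```

The command lines can come from any process-creation telemetry that records the full command line; the deleted path in a match points at the file that launched the chain.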

Information stealing

Win32/Tagak.P is a trojan that steals sensitive information.


The trojan collects the following information:

  • information about the operating system and system settings
  • list of running processes

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan tries to download and execute several files from the Internet.


The trojan contains a list of 3 URLs. It communicates over HTTP.


The downloaded files contain encrypted executables.


The trojan terminates its execution if it detects that it's running in a specific virtual environment.
