Win32/Tagak [Threat Name]
Win32/Tagak.P [Threat Variant Name]
|Detection created|Feb 05, 2015|
|Signature database version|11126|
Win32/Tagak.P is a trojan which tries to download other malware from the Internet.
The trojan does not create any copies of itself.
The following Registry entries are created:
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan executes the following commands:
- CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "%originalmalwarefilepath%"
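A detection sketch for the command line listed above, added here as an example and not taken from the vendor's description: it flags a `cmd /c` chain that repeats `SYSTEMINFO` and ends in `DEL`, and notes whether the deleted file is the image of the process that launched it. The event field names (`parent_image`, `command_line`), the repeat threshold and the sample events are assumptions.

```python
import re

# "cmd /c <rest>", with or without a path, quotes or ".exe"; case-insensitive.
CMD_C = re.compile(r'^\s*"?(?:[^"]*\\)?cmd(?:\.exe)?"?\s+/c\s+(.*)$', re.I | re.S)
# Final step: DEL/ERASE, optional switches such as /F /Q, then the target path.
DEL_STEP = re.compile(r'^(?:del|erase)\s+(?:/[a-z]\s+)*"?([^"]+?)"?\s*$', re.I)
SYSINFO = re.compile(r'systeminfo(?:\.exe)?', re.I)

def analyze(event, min_repeats=3):
    """Return a finding for 'SYSTEMINFO repeated, then DEL', else None."""
    m = CMD_C.match(event["command_line"])
    if not m:
        return None
    # Split the chained commands on "&" or "&&".
    steps = [s.strip() for s in re.split(r'&&?', m.group(1)) if s.strip()]
    repeats = sum(1 for s in steps[:-1] if SYSINFO.fullmatch(s))
    last = DEL_STEP.match(steps[-1]) if steps else None
    if repeats < min_repeats or not last:
        return None
    target = last.group(1)
    return {
        "repeats": repeats,
        "deleted": target,
        # True when the deleted file is the image of the process that ran cmd.
        "self_delete": target.lower() == event.get("parent_image", "").lower(),
    }

# Constructed process-creation events (not taken from a real host).
SAMPLE = r'C:\Users\test\AppData\Local\Temp\sample.exe'
EVENTS = [
    {"parent_image": SAMPLE,
     "command_line": "CMD /C " + "SYSTEMINFO && " * 5 + 'DEL "' + SAMPLE + '"'},
    {"parent_image": r'C:\Windows\explorer.exe',
     "command_line": "cmd.exe /c systeminfo"},
    {"parent_image": r'C:\Tools\inventory.exe',
     "command_line": r'cmd /c systeminfo && del "C:\Temp\report.txt"'},
]

def scan(events):
    """Analyze every event and keep only the findings."""
    return [f for f in map(analyze, events) if f]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```

Only the first constructed event is flagged; a single `systeminfo` call, or one followed by deleting an unrelated file, stays below the threshold.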
Win32/Tagak.P is a trojan that steals sensitive information.
The trojan collects the following information:
- information about the operating system and system settings
- list of running processes
The trojan attempts to send gathered information to a remote machine.
The trojan tries to download and execute several files from the Internet.
The trojan contains a list of 3 URLs. The HTTP protocol is used in the communication.
The downloaded files contain encrypted executables.
The trojan terminates its execution if it detects that it's running in a specific virtual environment.