
TrojanDownloader:O97M/Daoyap.A


First posted on 13 October 2015.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:O97M/Daoyap.A.

Explanation:

Threat behavior

Installation

This threat contains malicious macros that can be embedded in Microsoft Office files. When you open a malicious file, Microsoft Word should show you a security notification to ask whether you want to enable macros. If you enable macros, the threat will run.

We have seen this threat spread as a malicious Excel or Word file that is attached to spam emails as an .xls or .doc file. Example spam emails:





The attached file has a random name, for example:

  • Invoice_[0-9]+.doc
  • Payments_Deposit.xls
  • Sample Spec Order.xls
  • [YYYYMMDD][0-9]+.doc


Payload

Downloads other malware

The macro tries to download other malware, including PWS:Win32/Dyzap, and saves it in the %TEMP% folder.

We have seen it download malware from the following servers:

  • hxxp://dmedei.3x.ro/.exe
  • hxxp://leezlazarow.com/.exe
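
A defender-side triage sketch for the attachment names and download servers listed above, added here as an example and not part of Microsoft's write-up: it checks mail-gateway attachment names and proxy URLs against the page's patterns and hosts. The function names and sample records are constructed for illustration, and since the page gives the file names only as examples of random naming, a match is a lead for review rather than a verdict.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Attachment-name patterns listed on this page (matched on the whole name).
NAME_PATTERNS = [
    re.compile(r"Invoice_[0-9]+\.doc", re.I),
    re.compile(r"Payments_Deposit\.xls", re.I),
    re.compile(r"Sample Spec Order\.xls", re.I),
]
DATED_DOC = re.compile(r"([0-9]{8})[0-9]+\.doc", re.I)  # [YYYYMMDD][0-9]+.doc
HOSTS = {"dmedei.3x.ro", "leezlazarow.com"}  # download servers listed on this page

def name_matches(filename):
    """True if an attachment name fits one of the page's example patterns."""
    if any(p.fullmatch(filename) for p in NAME_PATTERNS):
        return True
    m = DATED_DOC.fullmatch(filename)
    if not m:
        return False
    try:
        # Require a real calendar date so arbitrary digit runs do not match.
        datetime.strptime(m.group(1), "%Y%m%d")
        return True
    except ValueError:
        return False

def host_matches(url):
    """True if a URL (defanged or not) points at a listed host or a subdomain."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Compare the parsed hostname only, never a substring of the full URL.
    return any(host == h or host.endswith("." + h) for h in HOSTS)

def triage(attachments, urls):
    """Return the records worth a closer look."""
    return {"attachments": [a for a in attachments if name_matches(a)],
            "urls": [u for u in urls if host_matches(u)]}

# Constructed sample records (not real telemetry).
SAMPLE_ATTACHMENTS = ["Invoice_48213.doc", "2015101300123.doc",
                      "9999999912.doc", "Invoice_final.docx"]
SAMPLE_URLS = ["hxxp://dmedei.3x.ro/.exe",
               "http://example.org/?ref=leezlazarow.com"]

if __name__ == "__main__":
    print(triage(SAMPLE_ATTACHMENTS, SAMPLE_URLS))
```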




Analysis by Donna Sibangan

Symptoms

The following can indicate that you have this threat on your PC:

  • You have received an email that looks like this:






Last update 13 October 2015

 
