Trojan.Tapaoux.B

By JubileeX in Trojans

Trojan.Tapaoux.B is a Trojan that opens a back door on the targeted PC. Once run, Trojan.Tapaoux.B may create the malevolent files. Trojan.Tapaoux.B may delete the 'sysconfig.ini' file if it is added to the particular locations (%System%\ and %AppData%\Microsoft\Protect). Trojan.Tapaoux.B may create the registry entries so that it can load automatically whenever the computer user is starts Windows. Trojan.Tapaoux.B adds itself into the processes such as 'wscntfy.exe', 'wuauclt.exe', 'ctfmon.exe', 'svchost.exe' and 'dwm.exe'. Trojan.Tapaoux.B then opens a back door on the compromised PC, creates a log file, and connects to one of the particular web addresses. Trojan.Tapaoux.B may fulfill the harmful actions such as run file operations (run, search, delete, copy, move, upload), grab system information and encrypt for storage (computer name, adapter information, OS), access, create, and stop any running process, make modifications to the Windows Registry, gain network connection state, decrypt data stored in .bin file, load infected DLLs and call export function called 'RunThisCode', and further configure or update the malware infection. Trojan.Tapaoux.B may erase itself.

Table of Contents

File System Details

Trojan.Tapaoux.B may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%System%\d[RANDOM CHARACTERS].dll
Name: %System%\d[RANDOM CHARACTERS].dll Type: Dynamic link library
2.	[TEMPLATES]\RcDll.dll
Name: [TEMPLATES]\RcDll.dll Type: Dynamic link library
3.	[TEMPLATES]\[RANDOM CHARACTERS].exe
Name: [TEMPLATES]\[RANDOM CHARACTERS].exe Type: Executable File
4.	%AppData%\Microsoft\Protect\SystemKey\d[RANDOM CHARACTERS].dll
Name: %AppData%\Microsoft\Protect\SystemKey\d[RANDOM CHARACTERS].dll Type: Dynamic link library
5.	%System%\ffffz[MM][DD][hh][mm][ss][0-3 LETTERS OR DIGITS].tmp
Name: %System%\ffffz[MM][DD][hh][mm][ss][0-3 LETTERS OR DIGITS].tmp Type: Temporary File
6.	%System%\b[RANDOM CHARACTERS].bin
Name: %System%\b[RANDOM CHARACTERS].bin Type: Binary File
7.	[TEMPLATES]\data
Name: [TEMPLATES]\data
8.	%AppData%\Microsoft\Protect\SystemKey\b[RANDOM CHARACTERS].bin
Name: %AppData%\Microsoft\Protect\SystemKey\b[RANDOM CHARACTERS].bin Type: Binary File

Registry Details

Trojan.Tapaoux.B may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "%UserProfile%\Application Data\Microsoft\Windows\Explorer"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe" = "%SYSTEM%\[RANDOM CHARACTERS].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe" = "%AppData%\Microsoft\Protect\[RANDOM CHARACTERS].exe"

URLs

Trojan.Tapaoux.B may call the following URLs:

Adobe-updates.com

News-updates.org

Online.usean.biz

Sqlengine.net

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.Tapaoux.B

File System Details

Registry Details

URLs

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen