News
The spam messages contain a “.zip” file, which, if opened, contains a small application called UPATRE. That executable file downloads a “.enc” file, which it then decrypts.
As .enc files aren’t inherently malicious, none of the 50 security programs at VirusTotal, Google’s free detection service, are currently marking attachments carrying them as so.
When the JS file is executed, it will download the TorrentLocker executable, save it to the %Temp% folder, and execute it. Once executed, it will encrypt the computer's data and append the .
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback