Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan-Dropper Win32

Trojan-Dropper.Win32.Dapato.rnvp

Update Date
11/17/2023

Class: Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers. This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.). Such programs are used by hackers to: secretly install Trojan programs and/or viruses protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan-Dropper.Win32.Dapato

No family description

Examples

F237AC23F46538F5BCAD03A94300D973
08C8A0D3661D1A906CFAAE0BD71A01FF
6C6308E7EF157C5FC0A0097BC67F1317
6127EBB2287C8A59971107A837EC0E3A
62CB195A61239E93572EDDCC7B695AB4

Tactics and Techniques: Mitre*

TA0002
Execution

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.


T1204.002
Malicious File

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
08 August 2025
Securelist
Scammers mass-mailing the Efimer Trojan to steal crypto
06 August 2025
Securelist
Driver of destruction: How a legitimate driver is being used to take down AV processes
30 July 2025
Securelist
Cobalt Strike Beacon delivered via GitHub and social media
25 July 2025
Securelist
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
21 July 2025
Securelist
The SOC files: Rumble in the jungle or APT41’s new target in Africa
17 July 2025
Securelist
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.