Search
Keyword: URL
posting messages in the aforementioned sites. The messages posted may contain a URL that leads to its copy. Worm Spreads via Facebook Private Messages, Instant Messengers Downloaded from the Internet,
=Recycled.scr shell\Auto\command=Recycled.scr Other Details This worm deletes the initially executed copy of itself NOTES: It injects itself into the created process svchost.exe. It connects to the following URL
It connects to a URL to download its configuration file. It hooks certain APIs to perform its information stealing routine. This Trojan may be dropped by other malware. It may be unknowingly
an encrypted file. It connects to a certain URL to get a list of active peers. This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when
{random numbers} Information Theft This backdoor gathers the following data: User name Computer name OS type and version Processor information Drive information NOTES: In the URL it connects to, {uri} may
\tus5A0A.txt . It also connects to the URL {BLOCKED.{BLOCKED}.100/0502uk12/{computername}/0/{OS Version}-{Service Pack}/0/ to send information. The following information are posted: Computer name Operating
downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}3.{BLOCKED}1.28.235/kwefewef/fgdsee/dxzq.jpg It saves the files it downloads using the
applications. It is an installer package for New Player application. This adware connects to the following URL to get the data it will display on its installer: http://{BLOCKED}.mxp{version}.com/{random value} It
specify the algorithm to use scrypt scrypt(1024, 1, 1) (default) sha256d SHA-256d -o, --url=URL URL of mining server (default: http://127.0.0.1:9332/) -O, --userpass=U:P username:password pair for mining
usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where
\Explorer\ Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012} @ = "" HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = "http://{BLOCKED}pickupforu.com/dgabbana/ " HKEY_CURRENT_USER\Software
pool cryptonight/2 cryptonight/half cryptonight/xtlv9 cryptonight/wow -wownero pool cryptonight/r -o, --url=URL = URL of mining server -O, --userpass=U:P = username:password pair for mining server -u,
the following: Connects to the following URL to download a file: http://{BLOCKED}o.{BLOCKED}ntabros.com/78234.bin Shows the following: executes the following commands to download and execute a file:
content details backup paths password usernames Other Details This Trojan Spy does the following: It connect to the following url to receives instructions with an encoded public network range to scan:
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}e.ibb.co/kO6xZ6/insane_uriel_by_urielstock_3.jpg Other Details This Ransomware connects to the
which connects to the URL https://{BLOCKED}r.ru/ Trojan.Win32.Hesv.cmfp (KASPERSKY), Ransom.MyLittleRansom (NORTON), Mal/Cryptear-A (SOPHOS_LITE) Dropped by other malware, Downloaded from the Internet
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.191.97/soft/get.php?name=8aa7dee7 It saves the files it downloads using the following names:
}.{BLOCKED}.53.15/bermuda/triangle.php It saves the files it downloads using the following names: %User Temp%\shereder.exe - may also contain an error code if the URL is inaccessible (Note: %User Temp%