Keyword: URL
43751 Total Search   |   Showing Results : 2801 - 2820
Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED
{BLOCKED}b.org/gate.php It deletes itself after execution. NOTES: This Trojan connects to the URL http://api.ipify.org, which is possibly non-malicious. Trojan:Win32/Chanitor (Microsoft);
XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.) NOTES: It connects to the following URL to log infection to malware server: http://{BLOCKED}venturoso.com.br/log.php
Information Theft This backdoor gathers the following information on the affected computer: Computer Name OS Version RAM NOTES: This backdoor pings the following URL to get its IP address where it connects to
\AppData\Local\Temp\notepad.exe and C:\Users\{username}\AppData\Local\Temp\newnotepad.exe 002 - exit 003 - download from URL received and save to C:\Users\{username}\AppData\Local\Temp\notepad.exe 004 - save
minutes) Download and execute arbitrary file Update and uninstall itself Visit URL It connects to the following websites to send and receive information: http://{BLOCKED}.{BLOCKED}.145.174:6667/{generated
url {BLOCKED}.{BLOCKED}.19.190): Ransomware Routine This Ransomware encrypts files with the following extensions: .bak .sql .backup .7z .rar .zip .tiff .jpeg .jpg .accdb .sqlite .dbf .1cd .mdb .cd .cdr
visiting malicious sites. Installation This Trojan drops the following files: %Windows%\System\msinfo.exe -> Detected as Trojan.Win32.SHELMA.AMC %Windows%\System\upslist.txt -> Contains list of URL to
downloaded manually by accessing the malicious URL above. It does not exploit any vulnerability. JS.Downloader (Symantec) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Downloads
name} on Windows Vista and 7.) Other Details This Ransomware does the following: This Ransomware connects to the following malicious URL to create and send encryption keys: http://{BLOCKED
contains the following URL which was not used by its functions: http://thanhlong.{BLOCKED}e.com.vn/mediacenter/hk2.php?info= Ransomware Routine
monero cryptocurrency (XMR) and it requires credentials for the mining server. It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining
when visiting malicious sites. Other Details This Coinminer does the following: It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of
information gathered to a specific URL It locks the screen and displays the following image: Ransomware Routine This Ransomware leaves text files that serve as ransom notes containing the following text:
said registry entry is {User Preference}.) Information Theft This spyware gathers the following data: Chrome-stored username Chrome-stored password Chrome-stored origin url Other Details This spyware
folder to view files using Windows Explorer Backdoor Routine This worm executes the following commands from a remote malicious user: Download and execute file Propagate via USB drives Visit a URL It
Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system:
" in its filename. A ransom message is contained in the file LUTFEN_OKUYUN.inf . It may connect to the following URL to download the key used in encrypting the files: https://{BLOCKED
}5.cc/helper/helper.php It does the following: It connects to the following URL to download a file: http://helper.{BLOCKED}dn.net/2345helper/HelperMain4.5.0.1589.dat a variant of Win32/2345.H potentially unwanted
does not have rootkit capabilities. Information Theft This Trojan does not have any information-stealing capability. Other Details This Trojan does the following: It connects to the following URL to