Search
Keyword: URL
hosted on a website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
hosted on a website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
hosted on a website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
long url parameter in the Redirect method. RSA Security RSA Authentication Agent for Web 5.2,RSA Security RSA Authentication Agent for Web 5.3 Trend Micro Deep Security shields networks through Deep
following: It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: {BLOCKED}.{BLOCKED}.150.23:80 However, as of this writing, the said
following processes: mshta https://{BLOCKED}.mp/wuioqhwkuqghsmgjhsgaa Other Details This Trojan does the following: It connects to the following URL to execute remote code: https://{BLOCKED
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: Connects to the following URL to retrieve the
following: It connects to the following URL to load a malicious template file: http://{BLOCKED}.{BLOCKED}.{BLOCKED}.18/_errorpages/obizx.doc However, as of this writing, the said sites are inaccessible.
possibly malicious URL when opened in a web browser: https://{BLOCKED}g.com/th/id/OIP.jQmZhreeKN9dMEBKw2-tcQAAAA?w=140&h=150&c=7&r=0&o=5&dpr=2&pid=1.0 HTML:Phishing-CTH [Phish] (AVAST) Downloaded from the
\ Internet Explorer\SearchScopes\{402128F8-5DD7-4039-B4BE-80E4366186AF} DisplayName = "????" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{402128F8-5DD7-4039-B4BE-80E4366186AF} URL =
usernames obtained from the following URL: http://{BLOCKED}e.puzopuzo.biz/cmd.php When this URL is accessed by the backdoor, its C&C server sends back a command, which contains another URL where a text file
from a remote malicious user: Sleep/Idle (2 minutes) Download and execute arbitrary file Update and uninstall itself Visit URL It connects to the following websites to send and receive information:
loaded. It adds an iframe with the following URL to vulnerable browsers when a vulnerable PDF plugin is detected: http://{BLOCKED}.{BLOCKED
rundll32 {DLL copy},Startup It accesses the following URL to download an updated copy of itself or another malware: {date-time}.{BLOCKED}zy.net/get2.php The downloaded file is saved as %Windows%\{random} .
applications to entice a user to click them. This file contains a URL where it connects to possibly download other files. It deletes itself after execution. Arrival Details This Trojan arrives on a system as a
\YMSGR_buzz content url = "http://{BLOCKED}al-news.com" HKEY_CURRENT_USER\Software\Yahoo\ pager\View\YMSGR_Launchcast content url = "http://{BLOCKED}al-news.com" It modifies the following registry entries:
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This file contains a URL where it connects to possibly
\Microsoft\ Internet Explorer\Main Use Custom Search URL = "1" = (Note: The default value data of the said registry entry is .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\Main Search Bar =
It opens the non-malicious URL http://www.irs.gov/pub/irs-pdf/f941.pdf to hide its malicious routines from the user. It registers the downloaded .DLL file as a Browser Helper Object (BHO) by
GET request on a specified URL Process Create processes Kill processes List processes Run files Reg Delete registry entries Read registry entries Modify registry entries System Enumerate drives and get