Search
Keyword: URL
following: It gets the IP of the affected system It connects to a constructed URL with a structure: http://www.{BLOCKED}tagmanager.com/pdf.php? {query parameter containing the ID,IP address of the affected
console: stored login URL of websites date when login entry is stored It's main routine may be dependent on the output of the following malware: HackTool.MSIL.PasswordDump.YABHF It accepts the following
}9uehi.flgalgtop.online https://{BLOCKED}1jw62.jgakgalga.online It does the following: It lures the user to open following possibly malicious URL in a browser: https://{BLOCKED
}6432u.jgakgalga.online https://{BLOCKED}821y.flgalgtop.online It does the following: It lures the user to open following possibly malicious URL in a browser: https://{BLOCKED
malicious sites. Other Details This Trojan does the following: It connects to the following URL to load a malicious template file: http://{BLOCKED}l.pro/23ce-5 which redirects to: http://{BLOCKED}.{BLOCKED}.
following: It connects to the following URL through HTTP POST to download a file from the {File URL}: http://{BLOCKED}ns.net:13/is-sending {File URL} It saves the downloaded file as: {Directory}\{Filename from
following component file(s): %User Temp%\drvpci.exe – terminates taskmgr and regedit %User Temp%\windefrag.exe – drops ransom note and displays ransom window %User Temp%\winpnp.exe – connects to URL to report
link redirects the recipient to the URL {BLOCKED}e.ce.ms/index.php . The other sample contains a short news item about Steve Jobs' death, together with a link that directs to a malicious website. Both
2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. However, it
\ Internet Explorer\Main TabProcGrowth = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" This report is generated via an automated analysis system. PWS:Win32/Magania.gen
The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey LooksLike.Java.CVE-2013-0431.a (Sunbelt)
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL
a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Java/Jogek.bhw.4 (Antivir), Java/Exploit.Agent.NTF
The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey Exploit:Java/CVE-2012-1723(Microsoft), Exploit.Java.CVE-2012(Ikarus)
Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware
It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: SVMCwS3
message from premium phone numbers Grabs target premium phone number and message text from the URL http://{BLOCKED}0ldierz.com/command.php?action=recv Sends SMS to target premium phone number
Start Vulnerability that allow attackers to run commands via a Java Archive (.JAR) file on the user's system without the need for a user name and password Connects to the URL http://www.{BLOCKED
file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Exploit:Java/Blacole.GD (Microsoft), JV/Exploit-Blacole.q !!
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. The downloaded file is usually saved as follows: