Search

to access a certain URL to download a possibly malicious file.

possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. The downloaded file is usually saved as follows:

malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. TrojanDownloader:Java/OpenConnection.PX (Microsoft),

file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Exploit:Java/CVE-2012-1723.A (Microsoft), Generic Exploit!qm3

which attempts to download and execute possibly malicious file from a certain website. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. The

a possibly malicious file from a certain url . As a result, malicious routines of downloaded file are also exhibited on the affected system. TrojanDownloader:Win32/Karagany.I (Microsoft);

user. NOTES: Other Details Based on analysis of the codes, it has the following capabilities: Execute remote shell commands Show a URL using the default browser of the affected system Force the user to

NOTES: This Trojan requires the following parameter supplied by a component to perform its intended routine: exteeec - contains the URL where it connects to xlkley - contains the decryption key for the

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when

are inaccessible. NOTES: This Trojan connects to the URL http://fjinder.{BLOCKED}ed.net/?pubid=332 to possibly collect pay-per-click advertising payments. Trojan-Clicker.MSIL.Agent.yu(Kaspersky),

a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Exploit:Java/CVE-2012-0507 (Microsoft),

a certain URL. The URL where this malware downloads the said file depends on the parameter bagdfssdc1 passed on to it by its components. Exploit:Java/CVE-2012-1723.BXR (Microsoft),

have any propagation routine. Backdoor Routine This Coinminer does not have any backdoor routine. Other Details This Coinminer does the following: Connects to the following URL to mine cryptocurrency:

the affected system's memory: taskmgr Other Details This Ransomware does the following: Displays the following lockscreen window: The url button opens the following links: http://{BLOCKED}ik.com/40qm

}ion-entertainment.com/wp/wp-content/plugins/css-ready-selectors/network NOTES: After clicking on the link, a webpage is displayed that tricks users into giving their email addresses: Clicking on Next redirects users to the URL https://{BLOCKED

Upon execution, this Trojan downloads and executes a shellcode from the following URL and executes it: http://www.{BLOCKED}40.co.kr/conf/product_old.jpg However, as of this writing, the said sites are

}.ng/wp-admin/css/colors/light/Adobe/index.php It does the following: When users click the link on the PDF file, it accesses the said URL which is a phishing site, asking to fill out data to be stolen. Trojan.PDF.Phishing (Ikarus);

Upon execution, this Trojan downloads and executes a shellcode from the following URL and executes it: http://www.{BLOCKED}040.{BLOCKED}.kr/design/m/images/image/image.php However, as of this writing,

or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected

}tasunik.com/wordpress/personal/realestategj/oohay.php https://{BLOCKED}tasunik.com/wordpress/personal/realestategj/rehto.php It does the following: When users click the link on the PDF file, it accesses the said URL which is a phishing site, asking to