Keyword: URL
for the following string on the filename and if it matches it will not perform its intended operation: "C" However, a download URL is not specified. TrojanDownloader:O97M/MalSpam!MTB
Description Name: LizaMoon - Compromised site with malicious URL. This is the Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusu...
Trojan does the following: Terminates itself if the following file exists: Targetinfo.txt Deletes the downloaded payload after finishing its execution Connects to the following URL to send the dropped file
content, it may download a file and save it in %Windows%. It then executes the said file. However, as of this writing, the said URL contains no data. This Trojan arrives on a system as a file dropped by
following URL to download its configuration file: http://file.{BLOCKED}egirl.com/20120120.jpg It saves the downloaded file as %User Temp%\fuc{number}.tmp. The said configuration file contains the following
to specific URLs to receive an additional URL to which it connects to download additional files. The replies from the servers are RC4-encrypted messages. As of this writing, the malware connects to
DisplayName = "@ieframe.dll,-12512" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = "http://search.{BLOCKED}e.com/results.aspx?q={searchTerms
Details This Trojan does the following: Poses as a Facebook application that finds stalkers. It sends private messages to the affected user's contacts containing a shortened URL where a copy of itself can
following URLs: https://pastebin.com/raw/{BLOCKED}1u (contains a string to be appended to the Pastebin URL in created cron jobs) https://pastebin.com/raw/{BLOCKED}6H (checks for update) https://pastebin.com/raw/
malicious file: https://u.l{BLOCKED}d.se/b{BLOCKED}O_rmcDDMAe.jpg URL - The JPG at this URL contains binary code that is detected as TROJ_BOILOD.SM It saves the files it downloads using the following names:
running in the system) It drops the following files: %System Root%\Aisinosystem.inf It downloads a slightly modified version of itself based on the URL returned by http://{BLOCKED}.{BLOCKED
the system's central processing unit (CPU) resources to mine for cryptocurrency. It connects to the following URL to execute the miner: hxxps://{BLOCKED}ve.com/lib/coinhive.min.js NOTES: Checks either
\mpc.dat If the said file is not present, it uses the default proxy settings. It accesses the following URL to read its configuration: http://{BLOCKED}shi.jp/item/images/index.php Its configuration contains
"46FtfupUcayUCqG7Xs7YHREgp4GW3CGvLN4aHiggaYd75WvHM74Tpg1FVEM8fFHFYDSabM3rPpNApEBY4Q4wcEMd3BM4Ava.ten_y" Password: "CN2" URLs:{BLOCKED}m+tcp://{BLOCKED}.{BLOCKED}mr.ru:56415 Connects to the following URL as part of its coin mining routine: {BLOCKED}m+tcp://{BLOCKED}.{BLOCKED}mr.ru:56415 It accepts the
visiting malicious sites. Installation This Trojan drops the following files: %Public%\debug.ps1 → connects to a URL and is deleted afterwards %Public%\config → contains current TCP/IP network configuration and
}.41.179/game.php NOTES: This Trojan Spy does the following: It connects to the following URL to resolve its configuration: http://{BLOCKED}.{BLOCKED}.41.179/game.php It connects to the following URL to download normal
This spam run uses what looks like legitimate email notifications from Bank of America, Capital One, or LinkedIn. The email content aims to lure users into clicking a malicious link. Once the URL
is blocked, the URL is also blocked, and the malware is detected and removed.
Valsabbina site. Unfortunately, by then, the phishers have already acquired the data they need. The URL is now blocked by the Trend Micro Smart Protection Network.
connected to a remote URL to download other malicious files. How does this threat make money for its perpetrators? The other malicious files that TROJ_DLOADER.CUT downloads may include FAKEAV variants that will