Search
Keyword: URL
then executed to relate the aforementioned __consumer to the __EventFilter . This malicious script connects to the following URL to notify a remote user of an infection: http://{BLOCKED
usually C:\Windows\Temp or C:\WINNT\Temp.) NOTES: This backdoor reports system infection by sending IP address and infection time to the following URL via HTTP post: http://www.{BLOCKED
}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on
}.{BLOCKED}.112.81/p.php?f=dd9d6&e=2 by passing an encrypted version of the URL as the parameter uid to JAVA_BLACOLE.ERZ. Exploit:JS/Blacole.GB (Microsoft) Downloaded from the Internet Downloads files
__FiltertoConsumerBinding class is then executed to relate the above-mentioned __EventConsumer to the __EventFilter . The malicious script connects to the following URL to notify a remote user of an infection, download other
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
writing, the said sites are inaccessible. NOTES: This backdoor sends the following information to the URL upon connection: Computer Name Current User Name OS Version Volume Information It saves the file it
of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan deletes itself after execution. This report is generated via an automated analysis system.
The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Other Details This Trojan executes the downloaded file using the
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: fiesta Exploit:Java/CVE-2013-0422 (Microsoft),
Windows version NOTES: This backdoor uses the following URL as its proxy server to connect to its C&C to avoid detection: https://docs.google.com Dropped by other malware, Downloaded from the Internet
from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Other Details This Trojan requires its main
Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: a
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
Details This Trojan requires its main component to successfully perform its intended routine. NOTES: This Trojan downloads the file from the URL specified in the parameter valprime . It executes the
following: Connects to the following URL to send encryption key: https://{BLOCKED}s-court.{BLOCKED}h.me/{KEY} However, as of this writing, the said sites are inaccessible. It deletes itself after execution.
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored
following contents: Displays the following: Connects to the following URL to download a file: https://cdn.{BLOCKED}dapp.com/attachments/548593284985913388/548621341654515783/despacito.gif It requires the
following file name if it doesn't exist in the %Desktop%: C:/Users/Admoooon/Desktop/TORBrowser.exe It uses the following URL to download the TORBrowser: