Search
Keyword: URL
\SYSTEM\ControlSet001\ Services\BITS URL = "http://{BLOCKED}.129.230:801/12345.txt" Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}.129.230:801/12345.txt It
exploits the said vulnerabilities, it connects to the following URL to download malicious files detected by Trend Micro as TROJ_RANSOM.NTW and BKDR_ZACCESS.NTW: http://{Random}.{BLOCKED}ip.name/temp/newyear/
cssrs.exe and System.exe , the malware connects to the following URL using a random port. A remote malicious user will then be able to execute arbitrary commands in the affected system: {BLOCKED}ga.zapto.org
{BLOCKED}6.club96.info/wepay.html When visited, it displays the following message: It then redirects to the following URL: http://{BLOCKED}6.club96.info The said URL then redirects to the following website:
intended routine. NOTES: It adds the following user accounts to the Administrator group: piress This file accepts a URL as a parameter and downloads it to the mentioned file above and executes it.
the following non-malicious URL to get the IP: http://icanhazip.com Trojan:Win32/Danglo!gmb (Microsoft); Win32/TrojanDownloader.Hancitor.A (ESET-NOD32); RDN/Downloader.a!ti (McAfee); Trojan.Smoaler
ucp_profile.php It requires its main component to successfully perform its intended routine. NOTES: It connects to the following URL to download the contents of the file that will be used to compute for its crypt
all dropped files after execution. As of this writing, the URL http://{BLOCKED}.{BLOCKED}.131.49/upd2/install.exe is inaccessible. W97M/Generic(AVG); MW97:Downloader-AI [Trj](Avast); W97M.Downloader
"rundll32.exe "C:\Users\win7\SoundMax.dll", Launch" Other Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}.{BLOCKED}.204.227:443/{n} NOTES: The {n} in the URL refers to the
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: figs hobs Trojan.Maljava (Symantec);
8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan deletes itself after execution. This report is generated via an automated analysis system.
URL where this malware downloads the said file depends on the parameter passed on to it by its components. BehavesLike.Flash.Exploit.cb (McAfee); Troj/SWFExp-CD (Sophos); SWF/Exploit.ExKit.L (Nod32)
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
visiting malicious sites. Dropping Routine This Trojan drops the following files: %User Temp%\GID.dat ← required for the downloaded file to work, contains the url to connect (Note: %User Temp% is the user's
pipe to send and receive commands. It connects to the following DNS Server and URL to send and receive information: post.{data}.{random number}.ns1.torayservice.com post.{data}.{random number
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.89.4/good/good.exe It takes advantage of the
Server and URL to send and receive information: {random numbers}.ns7.{BLOCKED}ervice.com/updates.rss {random numbers}.ns8.{BLOCKED}ervice.com/pixel.gif {random numbers}.ns9.{BLOCKED}ervice.com/dot.gif It
following URL to verify the key: https://jokebeatzz.l{BLOCKED}ty.de/kws.txt As of this writing, the current key is "cracked:cracked" Trojan.Win32.Diztakun.bckd (Kaspersky); Ransom.HiddenTear (Symantec);