Keyword: irc generic
(Microsoft); Generic Malware.ag!ats (McAfee); Trojan.Usuge!gen3 (Symantec); Worm.Win32.VBNA.b, Trojan.Win32.Pincav.kqh (Kaspersky); Virtool.Win32.Vbinject.1 (v) (Sunbelt); Gen:Heur.VB.Krypt.12
Generic Dropper.bu (McAfee); Trojan.FakeAV (Symantec); Trojan-Spy.Win32.Zbot.iav (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)
TrojanSpy:Win32/Bancos.gen!A (Microsoft); Generic PWS.b (McAfee); Infostealer.Bancos (Symantec); Trojan-Dropper.Win32.Delf.iv (Kaspersky); Trojan horse PSW.Banker.10.Z (AVG)
This Trojan connects to the following possibly malicious URL: http://{BLOCKED}ningcenter.com/z/cfg.bin This report is generated via an automated analysis system. PWS:Win32/Zbot.gen!B (Microsoft); Generic
following possibly malicious URL: http://www.{BLOCKED}od.com/google.bin This report is generated via an automated analysis system. PWS:Win32/Zbot.GA (Microsoft); Generic PWS.cq (McAfee); Trojan.Zbot (Symantec
automated analysis system. Trojan:Win32/Comrerop!gmb (Microsoft); Generic Dropper.p (McAfee); Trojan.Win32.Autoit.dhb (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan horse Generic9_c.AQKT (AVG)
automated analysis system. Generic BackDoor.adv (McAfee); HEUR:Trojan.Win32.Generic (Kaspersky); Mal/Behav-105 (Sophos); Trojan.Win32.Generic!BT (Sunbelt); Trojan horse Pakes_c.BTQJ (AVG)
via an automated analysis system. Trojan:Win32/Malagent!gmb (Microsoft); Generic PWS.o (McAfee); Trojan-Ransom.Win32.Cryptodef.hp (Kaspersky); Mal/Generic-L (Sophos); Trojan.Win32.Generic!BT (Sunbelt);
2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) Generic Exploit.f (McAfee), Exploit.Java.CVE-2013-2465 (Ikarus) Connects to URLs/IPs, Downloads files
(IRC) servers: {BLOCKED}2.{BLOCKED}7.82.177 It joins any of the following IRC channel(s): #Ganja It executes the following commands from a remote malicious user: KillAv update clean visit speedtest
download.microsoft NOTES: It is capable of connecting to a certain IRC server using a certain port and joins a channel where it receives commands from a malicious user. It sends the following information to its C&C
\Command={random filename}.exe {garbage codes} Backdoor Routine This Worm executes the following commands from a remote malicious user: Connect to a website Connect to an IRC channel to receive commands Copy
HTML files Join an IRC channel Log in to FTP sites Modifies the following system files: ipconfig.exe verclsid.exe regedit.exe rundll32.exe cmd.exe regsvr32.exe Perform Slowloris, UDP, and SYN flooding
TrojanDownloader:Win32/VB.LN (Microsoft); Generic VB.i (McAfee); Backdoor.Trojan (Symantec); Backdoor.Win32.Agent.ausb (Kaspersky); Trojan.Win32.VBDldr.b (v) (Sunbelt); Trojan.Generic.5372466 (FSecure)
following: Download and save files in %User Temp% Execute downloaded files Backdoor.Trojan (Symantec); Backdoor:Win32/Simbot.gen (Microsoft); Backdoor.Win32.Agent.bwtk (Kaspersky); Generic BackDoor!dtr (McAfee
Generic BackDoor.u (McAfee); W32/Agent.OFVK!tr (Fortinet)
}m.com/up.php?{random characters} http://{BLOCKED}oharis.com/up.php?{random characters} This report is generated via an automated analysis system. TrojanDownloader:Win32/Dofoil.O (Microsoft); Generic BackDoor.wz
Trojan:Win32/Claretore.gen!A (Microsoft); Generic Malware.mu (McAfee); Trojan.Gen (Symantec); PAK:UPX (Kaspersky); VirTool.Win32.Obfuscator.hg!b (v) (Sunbelt)
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) This report is generated via an automated analysis system. Trojan:Win32/Claretore.gen!A (Microsoft); Generic Malware.mu (McAfee);