Search
Keyword: ms
the following commands from a remote malicious user: 0x20 - Downloads data from the server, creates mailslot 0x300 - Injects code into the respective process 0x380 - Sets MS Exchange Registry 0x400 -
Account information from: RuneScape BitCoin MineCraft Steam JDownloader Internet Download Manager It attempts to steal stored email credentials from the following: MS Outlook MS Outlook 2013 MS Outlook
following: MS Outlook MS Outlook Express Gmail Google Talk GMail Notifier Yahoo! Mail IncrediMail Mozilla Thunderbird FoxMail Windows Live Mail MSN Messenger Pidgin Messenger Paltalk Messenger Miranda
logs Computer Screenshot Account information from: jDownloader Minecraft Steam Bitcoin It attempts to steal stored email credentials from the following: MS Outlook MS Outlook Express Mozilla Thunderbird
Download Manager jDownloader It attempts to steal stored email credentials from the following: Thunderbird Eudora Internet Account Manager MS Outlook Outlook Express MS Outlook 2002/2003/2007/2010 Google
CVE-2010-2562 Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote
\CurrentControlSet\ Services\MediaCenter DisplayName = "MS Media Control Center" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\MediaCenter\Parameters ServiceDll = "%System%\W{random}.dll" It registers as a
\CurrentControlSet\ Services\MediaCenter DisplayName = "MS Media Control Center" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\MediaCenter\Parameters ServiceDll = "%System%\Prcmxnq.src" It registers as a
NOTES: It uses MS Word application icon to trick users that it is a .DOC file. Upon execution, it also drops and opens a decoy document %User Temp%\temp.doc to trick users into thinking that it is a normal
MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability and IDF Compatibility MS14-002 CVE-2013-5065 1005801 Microsoft Windows Kernel Elevation Of Privilege
information from: Bitcoin Minecraft Steam RuneScape It attempts to steal stored email credentials from the following: MS Outlook MS Outlook Express Gmail Google Talk Google Picasa GMail Notifier Google Desktop
credential from the following: Eudora Gmail Google Desktop Group Mail Free Hotmail/MSN IncrediMail MS Outlook MS Outlook 2002/2003/2007/2010 Netscape Mail Outlook 2013 Outlook 2016 Outlook Express Thunderbird
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\system32.exe (Note: %Common Startup% is the system's shared Startup folder, which is
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\lsass.exe (Note: %Common Startup% is the system's shared Startup folder, which is
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\system32.exe (Note: %Common Startup% is the system's shared Startup folder, which is
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\system32.exe (Note: %Common Startup% is the system's shared Startup folder, which is
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\lsass.exe (Note: %Common Startup% is the system's shared Startup folder, which is
= "%System%\system32.exe" Other System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This Trojan drops the
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\system32.exe (Note: %Common Startup% is the system's shared Startup folder, which is
2008, and Windows Server 2012.) Information Theft This spyware attempts to steal stored email credentials from the following: Yahoo Hotmail Pidgin Eudora Outlook Express Incredimail MS Outlook