Search
Keyword: URL
to the following URL: {BLOCKED}ine.no-ip.biz:81 However, as of this writing, the said URL is inaccessible. Worm:Win32/Ainslot.A (Microsoft) Propagates via removable drives Drops files, Steals
executes the following file: %User Temp%\{5letters}{2digits}.exe It connects to the following URL to report infection of the affected system: http://{BLOCKED}.{BLOCKED}.3.66:{random port}/3003uk12/{Host Name
It decompresses the binary code from %User Temp%\tempCFA8.txt and drops and executes the following file: %User Temp%\{random}.exe - Detected as TSPY_DYRE.SNC It connects to the following URL to report
overwrites with the encrypted binary from URL (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server
strings it will monitor usually related to banking URL to send stolen information It gathers the following data: Data on Cookies (URLs) Email-related information such as account names, email addresses,
to the following URL to check the IP of the infected system: http://ipinfo.io/ip Ransom:Win32/Tescrypt.A (Microsoft); W32/Filecoder.EM!tr (Fortinet); Win32/Filecoder.EM (ESET-NOD32);
connects to the following URL to report infection of the affected system: http://{BLOCKED}.{BLOCKED}.228.4:{random port}/0512uk21/{computer name of affected system}/0/{OS version}-{service pack}/0/ http://
This Trojan executes the following commands from a remote malicious user: Download and execute files Perform Slowloris flooding Execute shell commands Open a URL Uninstall Update copy of itself It
Windows Vista and 7.) Download Routine This adware downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}nnermyall.ru/* - downloads ext_setup.exe
following URL to receive configuration setting for the installed browser extension: http://{BLOCKED}m.net/crx/i.php The sites accessed by this Trojan may vary depending on the received data from the
opening the given URL in TOR browser: W32/Injector.KZWV!tr(Fortinet), Win32/Filecoder.DA trojan(Eset) Downloaded from the Internet, Dropped by other malware Drops files, Modifies files, Encrypts files
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan connects to the
{BLOCKED}gedbase.info/gate.php NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It encrypts the following files and appends ".encrypted" to them: wb2 psd p7c p7b
following URL(s) to check for an Internet connection: http://google.com/webhp NOTES: It terminates the following security-related services: AvSynMgr McShield navapsvc It connects to the following URL to
shell NOTES: It connects to the following URL to acquire its C&C setting: http://{BLOCKED}.{BLOCKED}xusercontent.com/s/0lkgew1wqqw6h13/20140512.txt However, as of this writing, the server does not contain
{BLOCKED}onguru.com/gate.php NOTES: This Trojan connects to the URL to download a ransom note template. It encrypts the following files and appends .encrypted : 3ds 3fr 3pr 7z ab4 ac2 accdb accde accdr accdt
{BLOCKED}onguru.com/gate.php NOTES: This Trojan connects to the URL to download a ransom note template. It encrypts the following files and appends "encrypted" to these files: 3ds 3fr 3pr 7z ab4 ac2 accdb
{BLOCKED}dgewiki.info/gate.php NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It encrypts the following files and appends ".encrypted" to them: wb2 psd p7c p7b
http://mail.yahoo.com It does the following: It connects to a specific URL which will display the following: It creates the following service. Service Name: WindowsClientServerRunTimeSubsystem Service Path: %System%
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames