Search

The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey LooksLike.Java.CVE-2013-0431.a (Sunbelt)

Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware

The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey Exploit:Java/CVE-2012-1723(Microsoft), Exploit.Java.CVE-2012(Ikarus)

possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. The downloaded file is usually saved as follows:

user. NOTES: Other Details Based on analysis of the codes, it has the following capabilities: Execute remote shell commands Show a URL using the default browser of the affected system Force the user to

Start Vulnerability that allow attackers to run commands via a Java Archive (.JAR) file on the user's system without the need for a user name and password Connects to the URL http://www.{BLOCKED

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when

are inaccessible. NOTES: This Trojan connects to the URL http://fjinder.{BLOCKED}ed.net/?pubid=332 to possibly collect pay-per-click advertising payments. Trojan-Clicker.MSIL.Agent.yu(Kaspersky),

a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Exploit:Java/CVE-2012-0507 (Microsoft),

have any propagation routine. Backdoor Routine This Coinminer does not have any backdoor routine. Other Details This Coinminer does the following: Connects to the following URL to mine cryptocurrency:

}ion-entertainment.com/wp/wp-content/plugins/css-ready-selectors/network NOTES: After clicking on the link, a webpage is displayed that tricks users into giving their email addresses: Clicking on Next redirects users to the URL https://{BLOCKED

}.ng/wp-admin/css/colors/light/Adobe/index.php It does the following: When users click the link on the PDF file, it accesses the said URL which is a phishing site, asking to fill out data to be stolen. Trojan.PDF.Phishing (Ikarus);

Upon execution, this Trojan downloads and executes a shellcode from the following URL and executes it: http://www.{BLOCKED}040.{BLOCKED}.kr/design/m/images/image/image.php However, as of this writing,

Upon execution, this Trojan downloads and executes a shellcode from the following URL and executes it: http://www.{BLOCKED}40.co.kr/conf/product_old.jpg However, as of this writing, the said sites are

or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected

the affected system's memory: taskmgr Other Details This Ransomware does the following: Displays the following lockscreen window: The url button opens the following links: http://{BLOCKED}ik.com/40qm

}tasunik.com/wordpress/personal/realestategj/oohay.php https://{BLOCKED}tasunik.com/wordpress/personal/realestategj/rehto.php It does the following: When users click the link on the PDF file, it accesses the said URL which is a phishing site, asking to

It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: SVMCwS3

message from premium phone numbers Grabs target premium phone number and message text from the URL http://{BLOCKED}0ldierz.com/command.php?action=recv Sends SMS to target premium phone number

CVE-2008-3068 Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL