Search
Keyword: URL
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
retrieves the game session ticket by getting the value of "-t" argument from running RobloxPlayerBeta.exe process. It uses Discord Webhook URL to send the Roblox Cookie as an automated message to its Discord
file://{BLOCKED}.{BLOCKED}.150.66/icon.png It also connects to the following URL to download file: http://{BLOCKED}.{BLOCKED}.116.217/images/logo/info_zKfSmJ+voZNLPQjPedpd2G7aRb9tf+gPVKNRffjd+XE=.png
checks the MAC address of the computer and generates an MD5 hash of it then compares it to a list. if found on the list, the malware downloads from the URL https://{BLOCKED}tfix.com/logo2.jpg?{MD5hash}. if
information-stealing capability. Other Details This Trojan does the following: It connects to the following URL upon execution: https://bit.ly/{BLOCKED}H which redirects to http://vip.{BLOCKED}heet.com:8080/open?id
Profile%\Pictures Internet login credentials such as Google Chrome It connects to the following URL to obtain the control server information from Pastebin: https://pastebin.com/raw/{BLOCKED}J
connects to the following URL to receive data using HTTP GET: http://sl.{BLOCKED}r.org/cj/?msg NOTES: However, as of this writing, the said sites are inaccessible. This malware arrives to the system as an
Displays a window when executed: Reads data from config file for the URL and Filename to be used in its download routine Trojan.Win32.Badur.htyo (Baidu-International), Trojan.Badur! (Agnitum),
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" This report is generated via an automated analysis system. PWS:Win32/Magania.BQ (Microsoft); PWS-Gamania.gen.e (McAfee); Trojan.Gen
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. adobe air 1.0,adobe air 1.01,adobe air 1.1,adobe air 1.5,adobe air 1.5.1,adobe flash_player 10.0.0.584,adobe
firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when