Search
Keyword: js
\32C2AB3B1F54422C94CB9BA82FD12572\casinocom_new_notif %User Temp%\32C2AB3B1F54422C94CB9BA82FD12572 %Program Files%\tempo_5964 %User Temp%\32C2AB3B1F54422C94CB9BA82FD12572\casinocom_new_notif\js %User Temp%
DRIDEX. Should the user click on the malicious link that is supposed to be his/her bill, a JS file will then be downloaded. The file infects the user's machine once it's executed. The links are already
JS AdInject (Sophos); JS/Redir.YA (F-Prot); JS/Redir (AVG)
%User Temp%\8E0D477075EE4B81A5C41E5C097AD5A8\casinocom_new_notif\js %User Temp%\8E0D477075EE4B81A5C41E5C097AD5A8\casinocom_new_notif (Note: %User Temp% is the current user's Temp folder, which is usually
Application creates the following folders: %User Temp%\9223DC79B55340EFA3F61AEFE5CAC0D6\casinocom_new_notif\js %User Temp%\9223DC79B55340EFA3F61AEFE5CAC0D6\casinocom_new_notif\html %User Temp%
\BA7279CC1C1443E5A83C45760F1BCF8A\casinocom_new_notif\css %Program Files%\tempo_5004 %Program Files%\tempo_10292 %User Temp%\BA7279CC1C1443E5A83C45760F1BCF8A\casinocom_new_notif\js %User Temp%\BA7279CC1C1443E5A83C45760F1BCF8A
%User Profile%\nsupdate\js %User Profile%\nsupdate\img (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server
following files: /client_id.txt Ransomware Routine This Ransomware encrypts files with the following extensions: db csv sql xml cer cgi htm html xhtml css js php dat log gif jpg jpeg png svg tif tiff raw ps
\new\js %Program Files%\tempo_687 %System Root%\Users %Program Files%\tempo_19472 (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local
strings as part of the URL 2012 adi afp aic ap avi bank blogs book brand build car child com contact css dv events faq flash global go gov gr groups ho home house hp id identity images img java js lib list
Temp%\670D7EC15DBC4B29A924FDAB35CF7F23\ladbrokes\js %Program Files%\tempo_725 %User Temp%\670D7EC15DBC4B29A924FDAB35CF7F23\ladbrokes\css %Program Files%\tempo_1012 %User Temp%
\is-3AI55.tmp %User Temp%\is-3AI55.tmp\_isetup %Program Files%\Microsoft Data %User Temp%\Folder_Temp_12-21 %User Temp%\Folder_Temp_12-21\adds %User Temp%\Folder_Temp_12-21\js %User Temp%\Folder_Temp_12-21\xml
\js\library.js %System Root%\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv %System Root%\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion
\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png %Program Files%\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js %System Root%\Program Files\Windows Sidebar\Gadgets
\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf\51.9_0\config\skin\widgets\SPE-options\js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf\51.9_0
routine upon activation by the user: Upon execution of this malicious embedded JS file, it displays the following message box to trick the user: It does not have rootkit capabilities. It does not exploit
user: Upon execution of this malicious embedded JS file, it displays the following message box to trick the user: It does not have rootkit capabilities. It does not exploit any vulnerability.
and will execute its routine upon activation by the user: Upon execution of this malicious embedded JS file, it displays the following message box to trick the user: JS/TrojanDownloader.Agent.QHW trojan
\pkg_1035415a0\AskTB %User Temp%\pkg_1035415a0\installiq_v2e %User Temp%\pkg_1035415a0\installiq_v2e\js %User Temp%\pkg_1035415a0\installiq_v2e\template_skin %User Temp%\pkg_1035415a0\product.iq.openfreely %User
mp3 wav aac mov mp4 mkv avi vmg wmv pdf torrent js vb vbs exe dll cab msi Have file sizes not below 50 bytes Have file sizes not exceeding 2 gigabytes It hides the target files. It saves its log into