Search
Keyword: JS_XORBAT.A
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other
As of this writing, the said sites are inaccessible. Download Routine As of this writing, the said sites are inaccessible. Other Details This Trojan connects to the following possibly malicious URL:
As of this writing, the said sites are inaccessible. Download Routine As of this writing, the said sites are inaccessible. Other Details This Trojan connects to the following possibly malicious URL:
This Trojan redirects browsers to certain sites. Other Details This Trojan redirects browsers to the following sites: http://{BLOCKED}team.com Connects to URLs/Ips
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other
Download Routine This Trojan takes advantage of the following software vulnerabilities to download possibly malicious files: Microsoft Internet Explorer Invalid Pointer Reference Remote Code
Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}rkstar.info:8080 http://{BLOCKED}nguide.at:8080 http://{BLOCKED}mecare.at:8080 http://{BLOCKED}be.ru:8080
Installation This Trojan drops and executes the following files: %User Temp%\ {malware name}.pdf - non-malicious .PDF file %User Temp%\ offer.exe - detected as TROJ_PROTUX.BB (Note: %User Temp% is
However, as of this writing, the said sites are inaccessible. Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}ear.ru However, as of this writing, the said
This Trojan drops file(s)/component(s). It injects itself into certain processes as part of its memory residency routine. Installation This Trojan drops the following file(s)/component(s): %Windows%\
This Trojan may be dropped by other malware. It redirects browsers to certain sites. Arrival Details This Trojan may be dropped by other malware. Other Details This Trojan redirects browsers to the
This Trojan redirects browsers to certain sites. Other Details This Trojan redirects browsers to the following sites: http://{BLOCKED}senfoppen.nl/1.html
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. However, as of this writing, the said sites are inaccessible. Arrival Details This Trojan
However, as of this writing, the said sites are inaccessible. Arrival Details However, as of this writing, the said sites are inaccessible. Download Routine This Trojan takes advantage of the
However, as of this writing, the said sites are inaccessible. It inserts an IFRAME tag that redirects users to certain URLs. Arrival Details However, as of this writing, the said sites are
Other Details Based on analysis of the codes, it has the following capabilities: Upon execution, it accesses the URL http://{BLOCKED}e.net/.go/check.html . The said URL may redirect to the following
This Trojan may be dropped by other malware. It exports functions used by other malware. Arrival Details This Trojan may be dropped by the following malware: WORM_QAKBOT family Other Details This
Other Details Based on analysis of the codes, it has the following capabilities: This is Trend Micro detection for malicious Javascripts extracted from malicious PDF files. It is used by TROJ_PIDIEF