Search
Keyword: MS10-087
This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MS x86 Service = "msservice32.exe" Other System Modifications This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MS x86 Service = "msservice32.exe" Other System Modifications This
This adware may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This malware is the payload of the exploit related to Sandworm zero-day vulnerability. The said vulnerability has been covered in MS14-060 and believed to be used in cyber attacks against European
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It executes
files: The file DECRYPT_INSTRUCTION.HTML also provides the instructions on how to decrypt files: It encrypts database, web, MS Office, video, images, script, text, and other non-binary files. Spammed via
modifies the following file(s): database files web files MS Office files video images script files text files other non-binary files It adds the following registry keys: HKEY_CURRENT_USER\Software\{UID}
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
versions of the following applications: Flash MS Office PDF Java It reports if any of the following files are present: icbc - C:/Windows/SysWOW64/SubmitControl.dll icbc -
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\svchost.exe -k krnlsrvc" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\MediaCenter DisplayName = "MS Media Control Center" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\MediaCenter\Parameters
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the dropped file(s). As a result, malicious
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,