Keyword: os2first
41756 Total Search   |   Showing Results : 701 - 720
PIRMINAY is a family of Trojans first spotted in 2011. Its variants are known to gather system information from an affected system and send the stolen data back to a remote server. PIRMINAY is also
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It employs registry shell spawning by adding certain
following URL: https://{BLOCKED}anotherrace.com/javascript/log3.php?logins=1 NOTES: This is a Google browser extension named IDKEY STOR. This malware looks for the following strings first before its
inaccessible. It deletes the initially executed copy of itself NOTES: This malware gets the file name it uses for its dropped copy from the existing folder name where it drops its copy. It first injects codes to
first sector (512 bytes) of the MBR. It is capable of downloading a backdoor module which can execute the following backdoor commands: Delete a specific service Delete a specific registry Download and
[a-km-zA-HJ-NP-Z1-9]{25,34} to validate the copied Bitcoin address wherein: The first character should be 1 or 3 The second up to the last character should be a letter or number except for l, I, O, or 0 The address
%Application Data%\{First 2 letters of Computer Name} (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows
after execution. NOTES: The random variables {8 random character value name}, {8 random character folder name} and {8 random character file name} are combinations of first four characters of the file name
file is installed using UtilInstall.exe where the downloaded malware is dropped. It starts the service of the installed malware for the first time. Downloaded from the Internet, Dropped by other malware
arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues." sun jdk 5.0_update_14,sun jdk
determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension,
where you are prompted before an unsigned Java app runs in the browser. You are given an option to update Java first if it is below the security baseline. You may also choose to let unsigned apps to not
$true It adds the following scheduled tasks: Task Name: Sysnetsf Task Trigger: System startup & Every 10 minutes since first triggered Task Command: %Application Data%\WINYS\{Executed Malware File Name
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
" HKEY_CURRENT_USER\Software\8pGWqWq FirstExecution = "{date and time of first execution}" Other Details This spyware connects to the following possibly malicious URL: {BLOCKED}.{BLOCKED}.114.221:1616 Worm.Win32.AutoIt
CARBERP is a Trojan family first seen in 2009. This banking Trojan is designed to steal user credentials through hooking network APIs in WININET.DLL, monitoring user browsing activities. It has the
KELIHOS is a botnet first seen in 2010. It is mainly used for spreading other malware through spammed email messages. Besides spamming, some variants exhibit Bitcoin mining and distributed denial of
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
first attacker. Compromises system security