Search
Keyword: Coinminer_MALXMR.SMGH2-ELF64
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
Autostart Technique The scheduled task executes the malware every: One System CarePeriod One System Care Monitor One System Care Run Delay One System Care Task Dropping Routine This Potentially
CVE-2011-0096 This vulnerability is found in Microsoft Windows. When exploited, a remote attacker is able to execute malicious scripts on the infected system when the user visits websites, thus,
CVE-2010-2729 This security update addresses a vulnerability in the Print Spooler service. Once successfully exploited, this could result to remote code execution when an attacker sends a specially
CVE-2010-2731,CVE-2010-2730,CVE-2010-1899 This security update addresses vulnerability in Internet Information Services (IIS) that could allow remote code execution once a sends a specially crafted
CVE-2010-2552,CVE-2010-2551,CVE-2010-2550 This security update resolves several privately reported vulnerabilities in Microsoft Windows . The most serious of these may allow remote code execution if
CVE-2010-2561 This security update addresses a privately reported vulnerability in Microsoft XML Core Services, which could allow remote code execution if a user viewed a specially crafted Web page
CVE-2011-0026,CVE-2011-0027 This security update resolves two vulnerabilities in Microsoft Data Access Components (MDAC), which could allow remote code execution. An attacker could gain the same user
CVE-2013-3918 A vulnerability exists in the InformationCardSigninHelper Class ActiveX control of the ActiveX Kill Bits component. This update resolves that vulnerability by not allowing it to run in
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
CVE-2014-1776 This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a maliciously-crafted webpage
CVE-2011-0034 This security bulletin resolves a reported vulnerability in the OpenType Compact Font Format (CFF) driver. It may allow remote code execution once an attacker convinces a user to view a
CVE-2010-2568 This security update addresses a publicly disclosed vulnerability in Windows Shell , which may allow remote code execution once icon of a specially crafted shortcut is displayed. If
(MS12-009) Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) 
CVE-2012-0148,CVE-2012-0149 This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to
CVE-2010-1887,CVE-2010-1894,CVE-2010-1895,CVE-2010-1896,CVE-2010-1897 This update addresses one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The
Edition Service Pack 2 For information on patches specific to the affected software, please proceed to this Microsoft Web page .
This ransomware uses a free photo upload service as its C&C server. This way, it is able to mask its C&C routines. To get a one-glance comprehensive view of