Search
Keyword: URL
Timetravel (Machinecoin) vanilla-> Blake-256 8-rounds x11evo->Permuted x11 x11-> X11 x13-> X13 x14-> X14 x15-> X15 x17-> X17 xevan-> Xevan (BitSend) yescrypt-> Yescrypt zr5-> ZR5 -o, --url=URL-> URL of mining
does not have any downloading capability. Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the
file from a URL and execute it. Urlopen - Opens a URL through a browser Urlhide - Creates a HTTP GET request PCShutdown - Executes a shutdown command PCRestart - Executes a restart command PCLogoff -
font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} Users who click the embedded URL are
redirected to a site that provides a download link
with malicious code. These sites redirect the user to malicious websites where the malicious code is hosted. A new Gumblar attack has been given the name "Gumblar.8080," which originated from a URL
executed to relate the above-mentioned __EventConsumer to the __EventFilter. The malicious script connects to the following URL to notify a remote user of an infection: http://{BLOCKED
information to a remote URL. It connects to a malicious URL in order to receive commands from a remote malicious user. This backdoor may be manually installed by a user. It connects to a website to send and
execStartApp - runs a package execDelete - uninstalls a package execOpenUrl - opens a URL The said commands are obtained from the following URL: http://{BLOCKED}h.gongfu-android.com:8511/search/getty.php It
the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: date guid Other Details This Trojan executes the
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
minutes) Download and execute arbitrary file Update and uninstall itself Visit URL It connects to the following websites to send and receive information: http://{BLOCKED}.{BLOCKED}.145.174:6667/{generated
URL to send the gathered information: wordpress.{BLOCKED}log.net:3360 Win32/Spy.Agent.NYU trojan (ESET) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs
It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime
(DOWNLOAD) - Downloads and execute arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) -
scon.exe It does the following: Posts information about the affected system to the URL http://{BLOCKED}.ha.cn:81/admin/count.php Posted information include: MAC address, PC type, antivirus name Executes the
Windows XP and Server 2003.) NOTES: Backdoor Routine This Backdoor executes the following commands from a remote malicious user: Connects to another URL Downloads other files Executes a file named %System%
It may be dropped by TROJ_DROPPER.ZBB. It injects itself into specific processes as part of its memory residency routine. It connects to the following possibly malicious URL This Trojan may be
{domain name to access} Content-Length: {length of information to send} {encrypted information} It uses the URL /{BLOCKED}fqwbio0sa when accessing the malicious sites. None Downloaded from the Internet
URL http://{BLOCKED}.{BLOCKED}.35.133/1712us12/{computername}/-/{OS Version}-{Service Pack}/0/ to send information. The following information are posted: Computer name Operating system version Service