Keyword: URL
Information Theft This backdoor gathers the following information on the affected computer: Computer Name OS Version RAM NOTES: This backdoor pings the following URL to get its IP address where it connects to
{BLOCKED}b.org/gate.php It deletes itself after execution. NOTES: This Trojan connects to the URL http://api.ipify.org, which is possibly non-malicious. Trojan:Win32/Chanitor (Microsoft);
\AppData\Local\Temp\notepad.exe and C:\Users\{username}\AppData\Local\Temp\newnotepad.exe 002 - exit 003 - download from URL received and save to C:\Users\{username}\AppData\Local\Temp\notepad.exe 004 - save
url {BLOCKED}.{BLOCKED}.19.190 ): Ransomware Routine This Ransomware encrypts files with the following extensions: .bak .sql .backup .7z .rar .zip .tiff .jpeg .jpg .accdb .sqlite .dbf .1cd .mdb .cd .cdr
monero cryptocurrency (XMR) and it requires credentials for the mining server. It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining
downloaded manually by accessing the malicious URL above. It does not exploit any vulnerability. JS.Downloader (Symantec) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Downloads
name} on Windows Vista and 7.) Other Details This Ransomware does the following: This Ransomware connects to the following malicious URL to create and send encryption keys: http://{BLOCKED
contains the following URL which was not used by its functions: http://thanhlong.{BLOCKED}e.com.vn/mediacenter/hk2.php?info= Ransomware Routine
visiting malicious sites. Installation This Trojan drops the following files: %Windows%\System\msinfo.exe -> Detected as Trojan.Win32.SHELMA.AMC %Windows%\System\upslist.txt -> Contains list of URL to
said registry entry is {User Preference} .) Information Theft This spyware gathers the following data: Chrome-stored username Chrome-stored password Chrome-stored origin url Other Details This spyware
information gathered to a specific URL It locks the screen and displays the following image: Ransomware Routine This Ransomware leaves text files that serve as ransom notes containing the following text:
when visiting malicious sites. Other Details This Coinminer does the following: It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of
Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) - Terminate itself (SHELL EXEC) - Executes shell command (SPEEDTEST) - check connection speed
\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
folder to view files using Windows Explorer Backdoor Routine This worm executes the following commands from a remote malicious user: Download and execute file Propagate via USB drives Visit a URL It
Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system:
Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED
" in its filename. A ransom message is contained in the file LUTFEN_OKUYUN.inf. It may connect to the following URL to download the key used in encrypting the files: https://{BLOCKED
XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.) NOTES: It connects to the following URL to log infection to malware server: http://{BLOCKED}venturoso.com.br/log.php
does not have rootkit capabilities. Information Theft This Trojan does not have any information-stealing capability. Other Details This Trojan does the following: It connects to the following URL to