Search
Keyword: PDF_FAREIT
This threat, dubbed as BitCrypt, is a ransomware that steals funds from various cryptocurrency wallets. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers information and reports it to its servers.
\CurrentControlSet\ services\VSS (Note: This is the Windows Volume Shadow Copy (VSS) Service) Other Details This Trojan encrypts files with the following extensions: doc xls rft pdf dbf jpg dwg cdr psd cd mdb png lcd
extensions: wb2 cdr srw p7b odm mdf p7c 3fr der odb arw rwl cer xlk pdd rw2 crt dx r3d pem bay ptx pfx indd nrw p12 bd backup torrent kwm pwm safe xl xls xlsx xlsm xlsb xltm xlt xlam xla mdb rtf txt xml csv pdf
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
malicious sites. Installation This adware adds the following folders: %All Users Profile%\Start Menu\Programs\PDF Creator %Application Data%\Microsoft\Protect\S-1-5-21-1614895754-436374069-682003330-1003
compression (small file sizes)\Printing\ Formats HKEY_CURRENT_USER\Software\PDFCreator\ Profiles\High compression (small file sizes)\Printing\ Formats\PDF HKEY_CURRENT_USER\Software\PDFCreator\ Profiles\High
\Software\PDF Architect 6\ Options\General Send user statistics = "1” HKEY_CURRENT_USER\Software\pdfforge\ PDFCreator\Settings\ApplicationSettings Language = "en” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ AppID\
\Images2PDF\Images2PDF.settings %Program Files%\PDFCreator\PayPal.ico %Program Files%\PDFCreator\pdfforge.ico %Program Files%\PDFCreator\DeleteMonitorDll.exe %ProgramData%\PDF Architect 3\Installation
\Licenses\GPL License.lnk %Common Programs%\PDFCreator\PDFCreator Help.lnk %Common Programs%\PDFCreator\PDFCreator on the Web.lnk %Common Programs%\PDFCreator\PDFCreator.lnk %Desktop%\PDF Architect 2.lnk
}7.com/ http://en.{BLOCKED}7.com "%Program Files%\ZXT2007 Software\Image To PDF\ImageToPDF.exe" %System%\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} %System%\DllHost.exe /Processid:
\nsDialogs.dll %Windows%\primopdf.ini %Program Files%\Nitro PDF\PrimoPDF\gsdll32.dll %Program Files%\Nitro PDF\PrimoPDF\PrimoRun.exe %Program Files%\Nitro PDF\PrimoPDF\PrimInstInfo.txt %Program Files%\Nitro PDF
This Trojan arrives as attachment to mass-mailed email messages. It deletes itself after execution. Arrival Details This Trojan arrives as attachment to mass-mailed email messages. Dropping Routine
Application adds the following folders: %User Temp%\ns{random}.tmp %Program Files%\Nitro PDF %Common Programs%\PrimoPDF (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and
users when visiting malicious sites. Installation This Potentially Unwanted Application adds the following folders: %User Temp%\ns{random}.tmp %Program Files%\Nitro PDF %Common Programs%\PrimoPDF (Note:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\pair4.js %Program Files%\Adobe\acrobat reader dc\Reader\click on 'change' to select default pdf handler.pdf %Program Files%\Adobe\acrobat reader dc\Reader\webresources\resource0\base_uris.js %Program Files%
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies Internet Explorer security settings. This
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ pdfforge Images2PDF\DefaultIcon HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ pdfforge Images2PDF\shell\open\ command HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\ Links HKEY_LOCAL_MACHINE