Search
Keyword: URL
following: Connects to the following URL to send encryption key: https://{BLOCKED}s-court.{BLOCKED}h.me/{KEY} However, as of this writing, the said sites are inaccessible. It deletes itself after execution.
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored
following contents: Displays the following: Connects to the following URL to download a file: https://cdn.{BLOCKED}dapp.com/attachments/548593284985913388/548621341654515783/despacito.gif It requires the
following file name if it doesn't exist in the %Desktop%: C:/Users/Admoooon/Desktop/TORBrowser.exe It uses the following URL to download the TORBrowser:
Windows Vista, 7, and 8.) Other Details This Trojan does the following: It connects to the following URL to download and execute code in memory: https://{BLOCKED}er.com/image.rar The document contains the
Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file
Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file
executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
information via HTTP POST to the following URL: http://bit.ly/{BLOCKED}ni NOTES: The URL http://bit.ly/{BLOCKED}ni redirects to http://www.{BLOCKED}ople.com.br/wp-content/uploads/2012/12/logo-gvt.gif.
delay proxy suspend open URL install unknown (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. NOTES: The said site (where users can get
are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Information Theft This Trojan does not have any
from the following URL and renames the file when stored in the affected system: %User Temp%\GSTOUF.exe (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}ource.com/i39xms It saves the files it downloads using the following names: %User Temp%
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan deletes itself after
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}s.com/v9puv4 http://{BLOCKED}il.no/yzky84 http://{BLOCKED}chuster.at/jxchtnpd It saves the files it
NOTES: The user is able to customize the following: URL where the stole information will be sent E-mail address where the stolen information will be sent Icon to be use by the generated file Whether or not
unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED