Search
Keyword: URL
downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED
following: This Trojan presents the user a fake message tricking them to click on the following link: http://{BLOCKED}editltd.com/lusada/onedrv/index.htm Clicking on the URL displays this webpage: Choosing an
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}kesya.com/76g8h8y7 It saves the files it downloads using the following names: %User Temp%\XzJkKFrSn.exe
insertion of a certain malicious script. It does the following: Connects to the following URL to mine cryptocurrency: https://{BLOCKED}ve.com/lib/coinhive.min.js?rnd={Random Number}
This Coinminer arrives as a component bundled with malware/grayware packages. It downloads a file from a certain URL then renames it before storing it in the affected system. It executes the
-windowstyle hidden -e {base-64 encoded string} It does not exploit any vulnerability. NOTES: This Trojan also connects to the URL http://{BLOCKED}.{BLOCKED}.14.193:80/connect to send the gathered information as
or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) NOTES: This Trojan connects to the URL {BLOCKED}.{BLOCKED}.128.129:1337 to receive additional blocks for mining Primecoins .
then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where
software to download malicious files: Oracle Java SE Remote Java Runtime Environment Vulnerability (CVE-2012-0507) It downloads a possibly malicious file from a certain URL. The URL where this malware
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: tt t lcdrlio Exploit:Java/CVE-2012-1723
{random filename}.exe" Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}iness.com {helplinks URL of installed program} However, as of this writing, the said sites
displays the following as ransom note: It directs to the following URL when the "Buy BitCoin" button was clicked: https://www.youtube.com/watch?v={BLOCKED}J3Q9g https://www.{BLOCKED}e.com/en
malicious users. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.43.146/888.jpg It saves the files it
{BLOCKED}.{BLOCKED}.117.63/{jpr.exe or sava.exe} %User Temp%\{random numbers}.exe&start %User Temp%\{random numbers}.exe Download Routine This Trojan downloads the file from the following URL and renames the
file from the following URL and renames the file when stored in the affected system: http://serverstresstestgood.{BLOCKED}s.org/big/big.exe It takes advantage of the following software vulnerabilities to
versions.) Other Details This Hacking Tool does the following: It attempts to activate the following: Microsoft Windows OS Microsoft Office 2010-2021 It opens the following URL upon clicking the button
users: gedpmjxvac It displays text boxes to input custom data for e-mail creation purpose: It connects to the following URL to check spam score of e-mail composed: http://spamcheck.postmarkapp.com/filter
URL containing a DLL/EXE to load and execute PEBytes - a byte array containing a DLL/EXE to load and execute ComputerName - Optional, an array of computer names to run the script on FuncReturnType -
proceed with its intended routine. It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: https://d{BLOCKED
Set last modified time to files Download files Download files from URL List database catalogs List database tables List table columns Execute database query Execute arbitrary commands Rootkit