Keyword: URL
exploits the said vulnerabilities, it connects to the following URL to download malicious files detected by Trend Micro as TROJ_RANSOM.NTW and BKDR_ZACCESS.NTW: http://{Random}.{BLOCKED}ip.name/temp/newyear/
cssrs.exe and System.exe, the malware connects to the following URL using a random port. A remote malicious user will then be able to execute arbitrary commands in the affected system: {BLOCKED}ga.zapto.org
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
information-stealing capability. NOTES: Rootkit Capabilities This malware does not have rootkit capabilities. Other Details It reports system infection by sending IP address and infection time to the following URL via
certain vulnerability in Java Runtime Environment. It is part of the Blackhole Exploit kit. This Trojan downloads a possibly malicious file from a certain URL. The URL where it downloads the said file
{BLOCKED}6.club96.info/wepay.html When visited, it displays the following message: It then redirects to the following URL: http://{BLOCKED}6.club96.info The said URL then redirects to the following website:
the following non-malicious URL to get the IP: http://icanhazip.com Trojan:Win32/Danglo!gmb (Microsoft); Win32/TrojanDownloader.Hancitor.A (ESET-NOD32); RDN/Downloader.a!ti (McAfee); Trojan.Smoaler
intended routine. NOTES: It adds the following user accounts to the Administrator group: piress This file accepts a URL as a parameter and downloads it to the mentioned file above and executes it.
2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
the following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.252.125:5555 NOTES: The URL it accesses is a private IP address. Therefore, its C&C server is a host
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: figs hobs Trojan.Maljava (Symantec);
ucp_profile.php It requires its main component to successfully perform its intended routine. NOTES: It connects to the following URL to download the contents of the file that will be used to compute for its crypt
"rundll32.exe "C:\Users\win7\SoundMax.dll", Launch" Other Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}.{BLOCKED}.204.227:443/{n} NOTES: The {n} in the URL refers to the
8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
all dropped files after execution. As of this writing, the URL http://{BLOCKED}.{BLOCKED}.131.49/upd2/install.exe is inaccessible. W97M/Generic(AVG); MW97:Downloader-AI [Trj](Avast); W97M.Downloader
\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = "http://www.{BLOCKED}e.cn/search?q={searchTerms}" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer
URL where this malware downloads the said file depends on the parameter passed on to it by its components. BehavesLike.Flash.Exploit.cb (McAfee); Troj/SWFExp-CD (Sophos); SWF/Exploit.ExKit.L (Nod32)
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan deletes itself after execution. This report is generated via an automated analysis system.
visiting malicious sites. Dropping Routine This Trojan drops the following files: %User Temp%\GID.dat ← required for the downloaded file to work, contains the URL to connect (Note: %User Temp% is the user's
pipe to send and receive commands. It connects to the following DNS Server and URL to send and receive information: post.{data}.{random number}.ns1.torayservice.com post.{data}.{random number