Search
Keyword: URL
body. Aside from this, it also intercepts SMS messages and sends them via SMS or HTTP. If it sends by HTTP, it appends the following to the URL where it sends the intercepted SMS messages: ?sender={sender
file. It starts a background thread to download a configuration file from Dropbox . Contents of the downloaded configuration file point to URL where another malicious .APK file is downloaded: It then
\Software\Microsoft\ Internet Explorer\Main TabProcGrowth = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This worm connects to the following possibly
following malware: TROJ_CHALCOL.A Backdoor Routine This backdoor executes the following commands from a remote malicious user: Download files Execute files Get URL to download Perform remote shell Remove
hosted. It decodes the downloaded file and saves it locally as follows: %User Temp%\{Random File Name}.exe The URL where this malware is hosted is not specified in the malware code. It does not have rootkit
remote site to dowload a file. However, the URL where the malware will connect is not in the malware body. Connects to URLs/IPs, Downloads files, Drops files
randomly-generated URL as follows: http://{10 random characters}.com/index.html?{random} http://{10 random characters}.net/index.html?{random} http://{10 random characters}.org/index.html?{random} http://{10 random
commands. It connects to a URL to send and receive commands from a remote malicious user. Based on its code, it is capable of opening a remote shell, logging keystrokes, creating screen captures, browsing and
UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0;Windows NT 5.1;NET CLR 2.0.3.5) Cookie: {random value}{Computer Name} When the Trojan downloads a file from the malicious URL to the user's system,
visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}leans.com/images/al0212.exe http://
software vulnerabilities to download possibly malicious files: Oracle Java SE Remote Java Runtime Environment Vulnerability (CVE-2012-0507) It downloads a possibly malicious file from a certain URL. The URL
malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: tt t lcdrlio Exploit:Java/CVE-2012-0507
filename}.exe" Other Details This Trojan connects to the following URL(s) to check for an Internet connection: www.msn.com It connects to the following possibly malicious URL: {helplinks URL of installed
the following names: /tmp/{7 Random Filename 1} /tmp/seasame Other Details This Trojan does the following: It downloads from the following URL depending on system processor: {BLOCKED}.{BLOCKED
malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
URL to mine cryptocurrency: https://cdn.{BLOCKED}erpool.tk/webmr-x7.js Connects to the following URL: https://{BLOCKED}ystem1.space/php3/doms1.php -Link to be send to friends http://{BLOCKED
connects to the following malicious URL to create and send encryption keys: http://{BLOCKED}vv2z7lassu.onion.link/ed2/createkeys.php http://{BLOCKED}vv2z7lassu.onion.link/ed2/savekey.php
Upon opening the document, shows the following user prompt: NOTES: The malware contains an embedded object which contains the malicious URL: The malware is capable of connecting to the malicious URL upon
URL: {helplinks URL of installed program} http://{BLOCKED}3.com/default.aspx http://{BLOCKED}.{BLOCKED}.57.38/ However, as of this writing, the said sites are inaccessible.
malicious sites. Other Details This Ransomware does the following: It accesses the following URL and download a non-malicious file: