Search
Keyword: troj_cryptesla
This Trojan connects to the certain URL(s) to download its component file(s). Installation This Trojan injects threads into the following normal process(es): Explorer.exe Autostart Technique This
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It executes the downloaded files. As a result, malicious routines of the downloaded files
Installation This Trojan drops the following component file(s): %Startup%\ .jse %Windows%\Survival_0.txt (Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.) Autostart
This Trojan may arrive as a file that exports functions used by other malware. It arrives as a component bundled with malware/grayware packages. However, as of this writing, the said sites are
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. However, as of this writing, the said sites are inaccessible. It executes
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the downloaded files. As a result, malicious
Installation This Trojan drops the following files: %User Temp%\RarSFX4\d.7z %User Temp%\RarSFX4\7za.exe %User Temp%\RarSFX4\explorer.exe %User Temp%\RarSFX4\nircmdc.exe (Note: %User Temp% is the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes downloaded files whose malicious routines
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. Arrival Details This Trojan may be dropped by other malware. It may be
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware
This Trojan deletes itself after execution. Installation This Trojan drops the following files: %System%\ismserv.dll - non-malicious file (Note: %System% is the Windows system folder, which is
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
It is a fake system diagnostic tool that tricks users into thinking that it is a legitimate program capable of searching for errors and issues on the affected system. Upon execution, it displays a
It opens TCP port 33440 and creates a completion port so that whenever a user tries to connect to any website, the request to that website will be intercepted and redirected to the proxy server on
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %Application Data%\{random numbers}.exe (Note: %Application Data%
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It installs a fake
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the user's Internet Explorer home page into
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: C:\Documents and Settings\All Users\Application Data\{random folder