Keyword: os2first
hy99pers9c9a9n if posible = "0" HKEY_CURRENT_USER\Software\Burger Engine s9c9a9nThreadpriority = "4" HKEY_CURRENT_USER\Software\Burger Engine First Time User = "0" Dropping Routine This Trojan drops the following
\Software\HiSoft\ CrackDownloader\Settings It adds the following registry entries: HKEY_CURRENT_USER\Software\HiSoft\ CrackDownloader\Settings First Start = "0" HKEY_CURRENT_USER\Software\HiSoft
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\Software\Blizzard Injector It adds the following registry entries: HKEY_CURRENT_USER\Software\Blizzard Injector First Time User = "0" This report is generated via an automated analysis system.
visiting malicious websites. NOTES: Other Details Based on analysis of the codes, it has the following capabilities: Hooks the macro Auto_Open. Before doing this, it first checks for the file STARTUP.XLS
address specified in the first command-line parameter through the port specified in the second command-line parameter. If a third and fourth command-line parameter were specified, it connects via a proxy
This spyware may be manually installed by a user. Arrival Details This spyware may be manually installed by a user. Installation This spyware drops the following files: C:\Private\10003a3f\import
use names of the existing folders, and hardcoded file names. This is to execute the malware copy first before opening the real folder. It then changes the attributes of the original folders into Hidden
technique enables the copy of the worm to execute first before opening the real folder. It then changes the attributes of the original folders to Hidden and System to avoid early detection.
November 15, this virus' destructive payload activates. It formats the first track of the hard disk and enters an infinite loop, which causes the system to hang. The following text string is found in this
LDPINCH malware comprises worms and Trojans noted for their information-stealing routines. First strains of this malware family appeared in 2007. Its variants are known to be downloaded from
This spyware may be downloaded by other malware/grayware from remote sites. It logs a user's keystrokes to steal information. Arrival Details This spyware may be downloaded by the following
extensions: .avi .bmp .doc .gif .jpe .jpg .mp3 .mp4 .mpg .pdf .png .tif .txt .wav .wma .wmv .xls This routine enables the copy of the worm to execute first before opening the real folder or file. It then
MUMA is a family of worms that spreads via network shares. It propagates by penetrating systems with weak administrator passwords and copying its program to vulnerable systems. In addition, it also
prompted Microsoft to issue an out-of-band patch days after its first variant came out. In later investigations, STUXNET was revealed to be targeting computers controlling critical infrastructures known as
.png .tif .txt .wav .wma .wmv .xls This routine enables the copy of the worm to execute first before opening the real folder or file. It then changes the attributes of the original folders and files to
First spotted in 2006, NUWAR malware spread across systems via mass mailing copies of itself as an attachment. Its worm variants contain their own Simple Mail Transfer Protocol (SMTP) engine to send
This Trojan may be downloaded by other malware/grayware from remote sites. It may be dropped by other malware. It arrives as a component bundled with malware/grayware packages. As of this writing,
opened, AutoCAD then loads and executes this malware. It first searches for the file BASE.DCL and looks for ACADDOC.LSP in the same folder where BASE.DCL is located. It also searches for the file