Search
Keyword: JS_XORBAT.B
%User Temp%\DLG\ui\common\base %User Temp%\DLG\ui\common\base\css %User Temp%\DLG\ui\common\progress\css %User Temp%\DLG\ui\common\last\js %User Temp%\DLG\ui\offers\fd286b8d7f971e3468eba12c41b59383
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It attempts to steal sensitive online banking information, such as user names and
\ui\offers\d033278d2583e0fe2b7585ceb4483ad9\img %User Temp%\DLG\ui\common\base\css %User Temp%\DLG\ui\offers\d033278d2583e0fe2b7585ceb4483ad9\js %User Temp%\DLG\ui\common\base\js %User Temp%\DLG\ui
\ui\offers\1522ef138ba104249c3934a80811f825\img %User Temp%\DLG\ui\offers\1522ef138ba104249c3934a80811f825\js %User Temp%\DLG\ui\common\progress\css %User Temp%\DLG\ui\common\progress\img %User Temp%
\offers\offers\opera %User Temp%\ip\bin %Application Data%\InstallPack\logs %User Temp%\ip %User Temp%\ip\bin\Tools %User Temp%\ip\js %User Temp%\ip\offers\offers %User Temp%\ip\offers\offers\avast %User
\ runas\command HKEY_CURRENT_USER\jS HKEY_CURRENT_USER\jS\DefaultIcon HKEY_CURRENT_USER\jS\shell HKEY_CURRENT_USER\jS\shell\ open HKEY_CURRENT_USER\jS\shell\ open\command HKEY_CURRENT_USER\jS\shell\ runas
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This File infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This File infector arrives on a
%AppDataLocal%\pip\cache\http\a\6\9\b\d\{username} %System Root%\excel2k\{username} %AppDataLocal%\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.KEKW %System Root%\Python27\Lib\site-packages
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
{B3E47B04-71C9-4887-978A-C7B73D705D72} %User Temp%\~zm_{B3E47B04-71C9-4887-978A-C7B73D705D72}\css %User Temp%\~zm_{B3E47B04-71C9-4887-978A-C7B73D705D72}\images %User Temp%\~zm_{B3E47B04-71C9-4887-978A-C7B73D705D72}\js (Note: %User Temp%
\icons %User Temp%\~zm_{C6B674EE-5539-4B47-94BA-46A998DA5880}\js %User Temp%\~zm_{C6B674EE-5539-4B47-94BA-46A998DA5880}\js\bramus %User Temp%\~zm_{C6B674EE-5539-4B47-94BA-46A998DA5880}\js\prototype (Note:
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. Arrival Details
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
\Microsoft.Office.Desktop_8wekyb3d8bbwe %Program Files%\AxGlyph\HTMLForms\js %Program Files%\AxGlyph\Dat\GXX\301 %All Users Profile%\Microsoft\Word %Program Files%\AxGlyph\HTMLForms\1 %Program Files%\AxGlyph\Dat\8PX\101 %Application Data%
This spyware may be manually installed by a user. Arrival Details This spyware may be manually installed by a user. Installation This spyware drops the following files: %All Users Profile%
{8D121F0E-DD71-419D-B363-B008D4BE8476} %User Temp%\~zm_{8D121F0E-DD71-419D-B363-B008D4BE8476}\css %User Temp%\~zm_{8D121F0E-DD71-419D-B363-B008D4BE8476}\images %User Temp%\~zm_{8D121F0E-DD71-419D-B363-B008D4BE8476}\js (Note: %User Temp%
{39285E50-72B9-4EBA-BB36-4204B4438777} %User Temp%\~zm_{39285E50-72B9-4EBA-BB36-4204B4438777}\css %User Temp%\~zm_{39285E50-72B9-4EBA-BB36-4204B4438777}\images %User Temp%\~zm_{39285E50-72B9-4EBA-BB36-4204B4438777}\js (Note: %User Temp%
{5A6C0D54-E2F2-4ABB-B2D3-7C7BC9B804C5} %User Temp%\~zm_{5A6C0D54-E2F2-4ABB-B2D3-7C7BC9B804C5}\css %User Temp%\~zm_{5A6C0D54-E2F2-4ABB-B2D3-7C7BC9B804C5}\images %User Temp%\~zm_{5A6C0D54-E2F2-4ABB-B2D3-7C7BC9B804C5}\js (Note: %User Temp%