Search
Keyword: URL
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.89.4/good/good.exe It takes advantage of the
Server and URL to send and receive information: {random numbers}.ns7.{BLOCKED}ervice.com/updates.rss {random numbers}.ns8.{BLOCKED}ervice.com/pixel.gif {random numbers}.ns9.{BLOCKED}ervice.com/dot.gif It
following URL to verify the key: https://jokebeatzz.l{BLOCKED}ty.de/kws.txt As of this writing, the current key is "cracked:cracked" Trojan.Win32.Diztakun.bckd (Kaspersky); Ransom.HiddenTear (Symantec);
\Windows.) It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\BITS URL = "http://{BLOCKED}.197.146:12345/1.txt" Dropping Routine This Trojan drops the following files:
\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This spyware connects to the following possibly malicious URL: http://www.{BLOCKED}r.com/3/m.rar This report is generated via an automated analysis
the following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.252.125:5555 NOTES: The URL it accesses is a private IP address. Therefore, its C&C server is a host
2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}n.co.uk/wp-content/uploads/2012/09/banner.exe It saves the files it downloads
remote user or malware/grayware to download files: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556) It downloads a possibly malicious file from a certain URL. The URL where this
and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.238.178:443/search?hl={random} NOTES: It sends the following information to the URL upon connection: OS Version Volume Information
Delete, Creation Time) Retrieve Volume/Drive Information Visit URL / Download File Delay (10s) It connects to the following websites to send and receive information: http://{BLOCKED}sean.{BLOCKED}p.net/
\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = "http://www.{BLOCKED}e.cn/search?q={searchTerms}" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: viz
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}cro.com.br/m8isda It saves the files it downloads using the following names: %User Temp%
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}utplanet.com/ty43ff333.exe It saves the files it downloads using the following names: %User Temp%
browser, it will connect to the URL mentioned above and will display a download window where the user can set the path and filename of the downloaded file manually. NOTES: This malware displays the following
" Other Details This Trojan connects to the following possibly malicious URL: {random domain name}.xyz {helplinks URL of installed program} However, as of this writing, the said sites are inaccessible.