Search
Keyword: URL
when visiting malicious sites. Other Details This Coinminer does the following: It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of
{pseudorandom alpha characters}.{BLOCKED}m/forum/ NOTES: It may connect to a remote URL to download its configuration file. The said file contains information where the malware can download an updated copy of
folders: {All User's Profile}\Application Data\padpd\bg.jpg %System Root%\Program Data\padpd\bg.jpg It loads contents from the URL http://www.{BLOCKED}5.com/user/content_ajax_release5.php . The URL where
unsuccessful, will download from the following URL instead: URL2: https://{BLOCKED}icavirtual.org/wp-content/out/lim.php URL1: https://{BLOCKED}o.us/wp-content/out/lim.php If unsuccessful, will download from the
OS architecture Domain Username Date Other Details This Trojan does the following: If Administrator role: It connects to the following URL to download component loaded in its memory: http://cdn.
}p.ru/pro/project/index.php http://www.{BLOCKED}p.ru/pro/project/index2.php Other Details Based on analysis of the codes, it has the following capabilities: It accesses the following URL to POST information about the affected
{hash} http://{BLOCKED}egta.su//b/{eve|opt|letr}/{hash} Information Theft This spyware s configuration file contains the following information: Search URL (referrer url) Update URL (new C&C) Click URL
{hash} http://{BLOCKED}egta.su//b/{eve|opt|letr}/{hash} Information Theft This spyware s configuration file contains the following information: Search URL (referrer url) Update URL (new C&C) Click URL
legitimate UPS website to trick them into clicking the malicious URL that starts the infection chain. When users executed the backdoor, it steals stored information found in certain FTP clients and email
local computer names, user names, and IP addresses and of retrieving a file from a remote URL without the users' knowledge.
site. Users can easily spot the phishing site if they see the site URL is something else other than https://online.dubaifirst.com/ . To avoid becoming victims of phishing scams, Trend Micro advises users
This backdoor connects to a certain URL to send and receive commands from a remote malicious user. It gathers certain information and sends the gathered information via HTTP POST to a specific URL.
below: CVE-2012-0507 NOTES: It downloads from the URL specified in the parameter b that the web page hosting the virus provides and executes the downloaded file. As a result, malicious routines of the
Server 2003.) NOTES: This is a Java class file that is used to execute an exploit code. Once successful, it may download a possibly malicious file from a certain URL. The URL where this malware downloads
executes the dropped component file. The dropped component file downloads a file from a URL specified in the encrypted parameter,. p . The downloaded file is saved as %User Temp%\{random number}.exe , and is
intended routine. NOTES: This is a malicious Java archive file (.JAR), which attempts to download and execute possibly malicious file from a certain website. The URL where this malware downloads the said
Server 2003.) NOTES: This is a Java class file that is used to execute an exploit code. Once successful, it may download a possibly malicious file from a certain URL. The URL where this malware downloads
Server 2003.) NOTES: This is a Java class file that is used to execute an exploit code. Once successful, it may download a possibly malicious file from a certain URL. The URL where this malware downloads
The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Exploit:Java/CVE-2012-1723.AC (Microsoft), Exploit.Java.CVE-2012-0507.nh (Kaspersky),
component of a malicious Java archive file (.JAR), which is capable of downloading and executing other possibly malicious files from a certain URL. The URL where this malware downloads the said file depends