Search
Keyword: URL
may use proxy connections by connecting to the URL {Proxy server name}:{Port Number} . The proxy server name and port number depends on the file {malware path}\mpc.dat} If the said file is not present,
%System Root%:\Users\Public\Libraries\up to the following URL using HTTP POST. http://{BLOCKED}lys.com/index.aspx?id=_3 Backdoor Routine It connects to the following URL to download an executable file:
following: It can access SQL and PostgreSQL database (requires Host, Username, Password, and Database name ) It connects to the following URL to acquire an update: http://{BLOCKED
only connects to the said URL once a specific link is clicked by the user.
Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. Apache Software Foundation Tomcat JK Web Server Connector
file, it accesses the said URL which is a phishing site, asking to fill out data to be stolen. Trojan:Win32/Pdfphish.AG (Microsoft)
PDF file, it accesses the said URL which is a phishing site, asking to fill out data to be stolen.
malicious URL to send the gathered information and get an XML configuration file. This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a
website and run when a user accesses the said website. It may be downloaded from the following remote sites: http://{BLOCKED}9.cn/d/all.htm NOTES: Upon execution, it attempts to connect to the following URL
executes the following commands from a remote malicious user: Capture screen shots Download files Upload files Enumerate files and folders Execute files Get default internet browser Navigate and open a URL
Intermediate Driver sample, which is included in Windows WDK. It blocks communication to certain antivirus-related organizations by checking if URL addresses contain specific strings. It is registered as a
This file contains a URL where it connects to possibly download other files. It deletes itself after execution. Arrival Details This Trojan arrives on a system as a file dropped by other malware or as a
}-pool.fr:443 -u 45hgMAs1sNdMs7H9aCQm8oMCG5HGg37nv9Ab5r8u4R9gcWkSteobyt6faTuV8tnzhSUH3WFmStG1YXtsvSkSo5sz2ugxSW4 -a sets the algorithm -o sets the url for mining server -u sets username for mining server Changes
a user. Download Routine This Adware accesses the following websites to download files: http://download-new.utorrent.com/endpoint/utorrent/os/windows/track/stable/ -> Non-malicious URL It saves the
visiting malicious sites. Installation This Trojan drops the following non-malicious file: %Application Data%\ID - contains URL of the remote server (Note: %Application Data% is the current user's
downloads the file specified in the URL in the parameter assof . It saves the files it downloads using the following names: %User Temp%\{random number}.exe It then executes the downloaded files. As a result,
Routine This Trojan takes advantage of the following software vulnerabilities to download possibly malicious files: CVE-2010-0840 NOTES: It downloads from the URL specified in the parameter p and saves it
Routine This Trojan saves the files it downloads using the following names: {Parameter-based}.exe It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said
Routine This Trojan saves the files it downloads using the following names: {Parameter-based}.exe It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said
Installation This malware drops the following file(s)/component(s): %TEMP%\{random name}.exe Download Routine This malware downloads a possibly malicious file from a certain URL. The URL where this malware