Search
Keyword: microsoft internet explorer
\{Generated Hash} Autostart Technique This Ransomware adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.123.29:443 Dropped by other malware, Downloaded from the Internet Drops files, Terminates processes, Compromises
}.toxcrypt Downloaded from the Internet Modifies files, Connects to URLs/IPs
the following applications: Facebook Hacker Pro Dropped by other malware, Downloaded from the Internet Drops files
Service Internet Connection Service Media Center Service Network Storage Service Peer Networking Address PNRP Machine Name Power Policy Program Compatibility Service Remote Registry Configuration Smart Card
Trojan-Downloader.JS.Nemucod (Ikarus) Downloaded from the Internet Drops files, Connects to URLs/IPs, Executes files
Rootkit.81414 (BITDEFENDER); Trojan horse SCGeneric_c1.BEI (AVG) Dropped by other malware, Downloaded from the Internet
displays the following after encrypting files: Dropped by other malware, Downloaded from the Internet Displays graphics/image, Displays windows, Terminates processes, Connects to URLs/IPs, Downloads files,
ransom notes containing the following text: Ransom.HiddenTear(Malwarebytes) Downloaded from the Internet Connects to URLs/IPs, Steals information, Encrypts files, Displays graphics/image, Displays
Communication based on HTTP Protocol: Fetching for a list of IP addresses or domains for scanning a range of IP Fetching for a list of passwords Reports the scan results It fetches internet resources using
malware, Downloaded from the Internet Displays graphics/image, Encrypts files
Lite) Spammed via email, Dropped by other malware, Downloaded from the Internet Connects to URLs/IPs, Downloads files
Troj/Banaran-A (SOPHOS_LITE) Dropped by other malware, Downloaded from the Internet Displays message/message boxes, Encrypts files
following after encryption: Trojan-Ransom.BeethoveN (Ikarus), MSIL/Filecoder.BeethoveN.A (ESET-NOD32), Trojan.Ransom.BeethoveN (ALYac) Dropped by other malware, Downloaded from the Internet Drops files,
local time is less than January 2016 Dropped by other malware, Downloaded from the Internet Collects system information, Steals information, Drops files, Terminates processes, Connects to URLs/IPs,
malware, Downloaded from the Internet Encrypts files, Steals information
vcreg.sys vradfil2.sys UPATRE Ups the Ante With Attachment Inside An Attachment Dropped by other malware, Downloaded from the Internet
query parameters: Data Exec Ack Cmd Raw Id Inst Careto and OS X Obfuscation Dropped by other malware, Spammed via email, Downloaded from the Internet Collects system information, Compromises system
Trojan-Ransom.Win32.Locky.bqr (Kaspersky); Ransom.Locky (Symantec) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes, Steals information
Delete Shadows /Quiet /All NOTES: It displays the following ransom note: Trojan-Ransom.Win32.Locky.cad (Kaspersky), Ransom.Locky (Symantec), Dropped by other malware, Downloaded from the Internet Encrypts