Search
Keyword: Coinminer_MALXMR.SMGH2-ELF64
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This DYRE variant is downloaded by an upgraded version of UPATRE that has the capability to disable detection. Other notable routines of the said UPATRE variant include disabling of firewall/network
" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\ge DisplayName = "Google Update" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\ge Start = "2" It adds the following registry entries to enable its
"13a83" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\Tcpip\Parameters DefaultTTL = "4" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\Tcpip\Parameters TcpMaxDupAcks = "2" HKEY_LOCAL_MACHINE\SYSTEM
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER\Software\Microsoft
This backdoor arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the user's
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This spyware may be downloaded by other malware/grayware/spyware from remote sites. It connects to certain websites to send and receive information. It deletes itself after execution. Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
|WantMoney8|WantMoney9|WantMoney10 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ WantMoney1|WantMoney2|WantMoney3|WantMoney4|WantMoney5|WantMoney6|WantMoney7|WantMoney8|WantMoney9|WantMoney10 EditFlags = 2
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
CVE-2014-0301 This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image
(MS13-096) Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005) 
2008 for x64-based Systems Service Pack 2,Windows Server 2008 for Itanium-based Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1