Keyword: bat
\ List {malware path}\{malware name}.exe = "{malware path}\{malware name}.exe:*:Enabled:Mantle Acne" NOTES: The extension name of the dropped copy is any of the following: bat cmd com exe pif scr
following: BAT CMD COM EXE PIF SCR It checks if it is being run in VMWare environment or Emulation software. If it is being run in a VMWare environment or Emulation software, it performs another routine where
copy of itself NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.I (Microsoft), Generic BackDoor.abd (McAfee), a variant of Win32/Kryptik.ALNP trojan
http://www.update.microsoft.com It deletes the initially executed copy of itself NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR It does not have rootkit capabilities. It does not exploit any
following extensions: enc exe lnk dll lib dat ini sys shs gadget idx scr etl cdf-ms lock manifest key evtx blf cdfs sfcache man mui ocx bat cat pdb sif sfc mdmp dmp drv cpl nls vtd gpd grp evt conf dev msc
its dropped copy may be any of the following: BAT CMD COM EXE PIF SCR Trojan-Downloader.Win32.Andromeda.tvq (Kaspersky), RDN/Worm-FGT!a (McAfee) Downloaded from the Internet, Dropped by other malware
bat file {Encrypted Folder}\{Generated Hash from File Path and Name}.info → contains encryption info of encrypted file It adds the following processes: To disable specific services %System%\cmd.exe /C
exfiltrates data found on the following mail client applications. Windows Mail %localappdata%\Microsoft\Windows Mail\Local Folders .eml The Bat! %localappdata%\The Bat! Mail Clients\The Bat\Local .TBB .TBN .MSG
encrypting files with the following file extensions: inf bat cab cmd com cpl cur dll drv exe hlp hta icl ico idx ini lnk msi ocx spl sys [Readme.html on Desktop] Trojan.WinGo.Rozena (IKARUS) Downloaded from
hlp icl icns ico ics lnk idx mod mpa msc msp msstyles msu nomedia prf rom rtp scr shs spl sys theme themepack deskthemepack bat cmd url mui inf pf ntldr nls hta ax msi mst iso Win64:Malware-gen (AVAST)
json xml csv db sql dbf mdb iso html htm xhtml php asp aspx js jsp css c cpp cxx h hpp hxx cs java class jar war ps1 bat vb awk sh cgi pl ada swift go py pyc bf coffee zip tar tgz bz2 7z rar bak It
{Drive}:\Contact Us.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx
.qxzb3ZaxP It drops the following file(s) as ransom note: {Encrypted Directory}\qxzb3ZaxP.README.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur
adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx key ldf lnk lock mod mpa msc msi msp msstyles msu nls nomedia ocx pdb prf ps1 rom rtp
Us.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx key ldf lnk lock
backdoor connects to the following URL(s) to check for an Internet connection: www.update.microsoft.com NOTES: The {extension name} of the dropped copy is any of the following: bat cmd com exe exe pif scr
the dropped copy is any of the following: bat cmd com exe pif scr Win32/TrojanDownloader.Wauchos.A (Eset), Worm:Win32/Gamarue.I (Microsoft) Spammed via email Compromises system security, Connects to
ai aif amr ape apnx ari arw asf asp aspx asx avi azw azw1 azw3 azw4 bak bat bay bin bmp camproj cat ccd cdi cdr cer cert cfg cgi class cmf cnf conf config cpp cr2 crt crw crwl cs csv cue dash dat db