Search
Keyword: Mal_SageCrypt
This Trojan may be downloaded from remote sites by other malware. Arrival Details This Trojan may be downloaded from the following remote site(s): http://web.kfc.ha.cn:6668/Down/my/124.exe It may be
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It listens on ports. It connects to certain URLs. It may do this to remotely inform a malicious user of its
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It connects to certain URLs. It may do this to remotely inform a malicious user of its installation. It may also
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
This Trojan connects to URLs to download other possibly malicious files and configuration files. It checks and reports to the URLs if certain processes are running on the system. This Trojan may be
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. However, as of this writing, the said sites are inaccessible. It uses
This Trojan terminates itself if it detects it is being run in a virtual environment. Installation This Trojan terminates itself if it finds the following processes in the affected system's memory:
This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be unknowingly
This Trojan connects to certain websites to send and receive information. Installation This Trojan drops the following copies of itself into the affected system: %System%\{random}.exe (Note: %System%
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %Windows%\Help\2ACE4CFBAF2C.exe (Note: %Windows% is the Windows
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
However, as of this writing, the said sites are inaccessible. Arrival Details However, as of this writing, the said sites are inaccessible. Installation This Trojan drops the following copies of
This Trojan may arrive bundled with malware packages as a malware component. It may be downloaded by other malware/grayware/spyware from remote sites. It deletes itself after execution. Arrival
This spyware is injected into all running processes to remain memory resident. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware is injected into all running processes to remain memory resident. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware is injected into all running processes to remain memory resident. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This worm arrives by connecting affected removable drives to a system. It deletes registry entries, causing some applications and programs to not function properly. It drops an AUTORUN.INF file to