Keyword: Possible_OLGM-23
Trojan and its main component will connect to a possible malicious site with the following format: http://{IP}/{BLOCKED}/i.html Trojan:Win32/Enchanim (Microsoft)
amount of time a message is queued before it is returned depends on local configuration parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the
user accesses the said website. NOTES: This is the Trend Micro detection for Java files used as a component of another malware. This malware is used to download files. A URL where a possible malicious
%windows% directory is to trick regedit.exe that this is the component that it needs. Therefore, loading the malicious clb.dll into the system. It listens to port 3389/TCP, the port for RCP, for possible
a possible configuration or component file that contains its intended routines and send back information such as host name and IP address: http://{BLOCKED}7s.{BLOCKED}p.net/kys_allow_get.asp?name
The malware uses similar techniques as those of PlugX, like process injection and use of blob file. The malware directly loads the backdoor file located in its command-and-control
could allow remote code execution. This vulnerability exists in an invalid flag reference in several versions of Internet Explorer. Under certain conditions, it is possible to access the invalid flag
This Trojan may be dropped by other malware. It arrives as a component bundled with malware/grayware/spyware packages. It displays fake alerts that warn users of infection. It also displays fake
This Trojan may be hosted on a website and run when a user accesses the said website. It accesses websites to download files. This action allows this malware to possibly add other malware on the
Details This Trojan does the following: Loads and runs the Java class iqtoL__.class (detected as TROJ_JAVA.BW) to allow all possible permissions in the malware package, which include access to users' files,
Java archive file (.JAR) that is hosted in a malicious Web site. It may connect to remote sites to download possible malicious files. It requires its main component to successfully perform its intended
Trend Micro has received multiple samples of this worm from multiple, independent sources, including customer reports and internal sources. These indicate that this worm poses a high risk to users
file as %system%\drivers\etc\hosts.sam. It opens a hidden instance of iexplore.exe where it injects its dropped component, %windows%\http.dll. It connects to possible malicious sites to send and
saves the files it downloads using the following names: %User Temp%\{random}.TMP - downloaded file %Current%\{malware name}.sig - possible configuration file (Note: %User Temp% is the current user's
codes, the configuration file contains additional URL(s) where the malware may connect to, possibly to download and execute other possible malicious file. The downloaded file is saved as %User Temp%\nt
with malicious code(s). Once an unsuspecting user views an infected file it executes possible malicious file in the affected system. Once this compromised file is executed, it executes the component
1.2 for possible failures in synchronization. To continue with the completion of the synchronization, datas are required. You must be connected to the Internet. Variant Information This spyware has the
following: Upon execution, this spyware displays the following window: When translated in English, it says: "For your safety, Itau is updating its iToken device to version 1.2 for possible imperfections in
This backdoor is related to a possible targeted attack. This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be dropped by other