Search
Keyword: URL
following file name if it doesn't exist in the %Desktop%: C:/Users/Admoooon/Desktop/TORBrowser.exe It uses the following URL to download the TORBrowser:
following: Connects to the following URL to send encryption key: https://{BLOCKED}s-court.{BLOCKED}h.me/{KEY} However, as of this writing, the said sites are inaccessible. It deletes itself after execution.
following contents: Displays the following: Connects to the following URL to download a file: https://cdn.{BLOCKED}dapp.com/attachments/548593284985913388/548621341654515783/despacito.gif It requires the
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored
Windows Vista, 7, and 8.) Other Details This Trojan does the following: It connects to the following URL to download and execute code in memory: https://{BLOCKED}er.com/image.rar The document contains the
NOTES: The user is able to customize the following: URL where the stole information will be sent E-mail address where the stolen information will be sent Icon to be use by the generated file Whether or not
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware
Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: a
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}ource.com/i39xms It saves the files it downloads using the following names: %User Temp%
Trojan takes advantage of the following software vulnerabilities to download possibly malicious files: CVE-2013-1493 It downloads a possibly malicious file from a certain URL. The URL where this malware
writing, the said sites are inaccessible. NOTES: This backdoor sends the following information to the URL upon connection: Computer Name Current User Name OS Version Volume Information It saves the file it
of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan deletes itself after execution. This report is generated via an automated analysis system.
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}s.com/v9puv4 http://{BLOCKED}il.no/yzky84 http://{BLOCKED}chuster.at/jxchtnpd It saves the files it
Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file
Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it