Search
Keyword: URL
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan deletes itself after
/tmp/.rksu_sysi.lock It connects to the following URL to get the infected machine's download speed: http://ipv4.download.{BLOCKED}band.com/200MB.zip It sends the gathered information to the following URL: http://
unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED
}.{BLOCKED}.201 However as of this writing, the said URL is inaccessible. If a successful connection has been established, the C2 server should reply with the following information: Download links for
a specific file name to proceed with its intended routine. It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: https://d
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
link which supposedly points to a success story article. In actual, the URL points to a rogue Finance Reports website with a screenshot of a check amounting to $8,795 highlighted as a sample to tease
}ncessurplus.com/adobe/ NOTES: It checks for the installed Java version. If 1.5 It loads a jar file from the following URL and it passes parameters to it: http://{BLOCKED}ncessurplus.com/topic/accidentally-results-stay.php
}o.{BLOCKED}l/wwo7s?fotos={email address of receiver} http://goo.gl/PVwkU?skype={email address of receiver} http://{BLOCKED}o.{BLOCKED}l/WKyb5?profil={email address of receiver} The URL leads the user
files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
URL it accesses is a private IP address. Therefore, it intends to download the file from a host in the Local Area Network (LAN). This file may have been created for testing purposes or the said IP
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Game\ XYDE Url = "{random values}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{30909876-4567-3908-4056-909834565103}\InprocServer32 ThreadingModel =
system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey
The reply from the said website may contain other URL where this malware can download other files. This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on