Search
Keyword: URL
exploits the said vulnerabilities, it connects to the following URL to download malicious files detected by Trend Micro as TROJ_RANSOM.NTW and BKDR_ZACCESS.NTW: http://{Random}.{BLOCKED}ip.name/temp/newyear/
cssrs.exe and System.exe , the malware connects to the following URL using a random port. A remote malicious user will then be able to execute arbitrary commands in the affected system: {BLOCKED}ga.zapto.org
{BLOCKED}6.club96.info/wepay.html When visited, it displays the following message: It then redirects to the following URL: http://{BLOCKED}6.club96.info The said URL then redirects to the following website:
certain vulnerability in Java Runtime Environment. It is part of the Blackhole Exploit kit. This Trojan downloads a possibly malicious file from a certain URL. The URL where this it downloads the said file
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
information-stealing capability. NOTES: Rootkit Capabilities This malware does not have rootkit capabilities. Other Details It reports system infection by sending IP address and infection time to the following URL via
intended routine. NOTES: It adds the following user accounts to the Administrator group: piress This file accepts a URL as a parameter and downloads it to the mentioned file above and executes it.
the following non-malicious URL to get the IP: http://icanhazip.com Trojan:Win32/Danglo!gmb (Microsoft); Win32/TrojanDownloader.Hancitor.A (ESET-NOD32); RDN/Downloader.a!ti (McAfee); Trojan.Smoaler
8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
all dropped files after execution. As of this writing, the URL http://{BLOCKED}.{BLOCKED}.131.49/upd2/install.exe is inaccessible. W97M/Generic(AVG); MW97:Downloader-AI [Trj](Avast); W97M.Downloader
"rundll32.exe "C:\Users\win7\SoundMax.dll", Launch" Other Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}.{BLOCKED}.204.227:443/{n} NOTES: The {n} in the URL refers to the
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: figs hobs Trojan.Maljava (Symantec);
ucp_profile.php It requires its main component to successfully perform its intended routine. NOTES: It connects to the following URL to download the contents of the file that will be used to compute for its crypt
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
URL where this malware downloads the said file depends on the parameter passed on to it by its components. BehavesLike.Flash.Exploit.cb (McAfee); Troj/SWFExp-CD (Sophos); SWF/Exploit.ExKit.L (Nod32)
visiting malicious sites. Dropping Routine This Trojan drops the following files: %User Temp%\GID.dat ← required for the downloaded file to work, contains the url to connect (Note: %User Temp% is the user's
pipe to send and receive commands. It connects to the following DNS Server and URL to send and receive information: post.{data}.{random number}.ns1.torayservice.com post.{data}.{random number
browser, it will connect to the URL mentioned above and will display a download window where the user can set the path and filename of the downloaded file manually. NOTES: This malware displays the following
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected