Search
Keyword: URL
does not have any propagation routine. Backdoor Routine This backdoor executes the following commands from a remote malicious user: Download a file Execute downloaded file Get URL to download Sleep for 5
posting messages in the aforementioned sites. The messages posted may contain a URL that leads to its copy. Worm Spreads via Facebook Private Messages, Instant Messengers Downloaded from the Internet,
GlobalUserOffline = 0 NOTES: It connects to the following URL to inform the remote user about its installation: http://{BLOCKED}.137.85/xml?a=2003&ip=self&kw= TrojanDownloader:Win32/Tracur.AG (Microsoft) Connects to
information, and the URL where it sends its stolen data.
\tus5A0A.txt . It also connects to the URL {BLOCKED.{BLOCKED}.100/0502uk12/{computername}/0/{OS Version}-{Service Pack}/0/ to send information. The following information are posted: Computer name Operating
downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}3.{BLOCKED}1.28.235/kwefewef/fgdsee/dxzq.jpg It saves the files it downloads using the
{random numbers} Information Theft This backdoor gathers the following data: User name Computer name OS type and version Processor information Drive information NOTES: In the URL it connects to, {uri} may
List of strings it will monitor usually related to banking URL to send stolen information Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http://
downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed
applications. It is an installer package for New Player application. This adware connects to the following URL to get the data it will display on its installer: http://{BLOCKED}.mxp{version}.com/{random value} It
specify the algorithm to use scrypt scrypt(1024, 1, 1) (default) sha256d SHA-256d -o, --url=URL URL of mining server (default: http://127.0.0.1:9332/) -O, --userpass=U:P username:password pair for mining
NOTES: It connects to the following URL to report its installation: http://api.{BLOCKED}right.com/rs This adware may display advertisements such as popups and banners in browsers. This adware accepts the
of this writing, the files to be downloaded are not available in the server It connects to the following URL to report system information: http://{BLOCKED}neiro1.{BLOCKED}dagemdesites.ws/cisco.asp
downloaded url file name}[1].txt - (example: %Temporary Internet Files%\Content.IE5\{random}\discreteness[1].txt) (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and
\Explorer\ Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012} @ = "" HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = "http://{BLOCKED}pickupforu.com/dgabbana/ " HKEY_CURRENT_USER\Software
pool cryptonight/2 cryptonight/half cryptonight/xtlv9 cryptonight/wow -wownero pool cryptonight/r -o, --url=URL = URL of mining server -O, --userpass=U:P = username:password pair for mining server -u,
the following: Connects to the following URL to download a file: http://{BLOCKED}o.{BLOCKED}ntabros.com/78234.bin Shows the following: executes the following commands to download and execute a file:
content details backup paths password usernames Other Details This Trojan Spy does the following: It connect to the following url to receives instructions with an encoded public network range to scan:
which connects to the URL https://{BLOCKED}r.ru/ Trojan.Win32.Hesv.cmfp (KASPERSKY), Ransom.MyLittleRansom (NORTON), Mal/Cryptear-A (SOPHOS_LITE) Dropped by other malware, Downloaded from the Internet
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}e.ibb.co/kO6xZ6/insane_uriel_by_urielstock_3.jpg Other Details This Ransomware connects to the