Keyword: URL
downloaded manually by accessing the malicious URL above. It does not exploit any vulnerability. JS.Downloader (Symantec) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Downloads
name} on Windows Vista and 7.) Other Details This Ransomware does the following: This Ransomware connects to the following malicious URL to create and send encryption keys: http://{BLOCKED
contains the following URL which was not used by its functions: http://thanhlong.{BLOCKED}e.com.vn/mediacenter/hk2.php?info= Ransomware Routine
visiting malicious sites. Installation This Trojan drops the following files: %Windows%\System\msinfo.exe -> Detected as Trojan.Win32.SHELMA.AMC %Windows%\System\upslist.txt -> Contains list of URL to
when visiting malicious sites. Other Details This Coinminer does the following: It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of
information gathered to a specific URL It locks the screen and displays the following image: Ransomware Routine This Ransomware leaves text files that serve as ransom notes containing the following text:
does not have rootkit capabilities. Information Theft This Trojan does not have any information-stealing capability. Other Details This Trojan does the following: It connects to the following URL to
\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) - Terminate itself (SHELL EXEC) - Executes shell command (SPEEDTEST) - check connection speed
URL to send the gathered information: wordpress.{BLOCKED}log.net:3360 Win32/Spy.Agent.NYU trojan (ESET) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs
(DOWNLOAD) - Downloads and executes arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) -
monero cryptocurrency (XMR) and it requires credentials for the mining server. It accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining
folder to view files using Windows Explorer Backdoor Routine This worm executes the following commands from a remote malicious user: Download and execute file Propagate via USB drives Visit a URL It
said registry entry is {User Preference}.) Information Theft This spyware gathers the following data: Chrome-stored username Chrome-stored password Chrome-stored origin url Other Details This spyware
" in its filename. A ransom message is contained in the file LUTFEN_OKUYUN.inf. It may connect to the following URL to download the key used in encrypting the files: https://{BLOCKED
Information Theft This backdoor gathers the following information on the affected computer: Computer Name OS Version RAM NOTES: This backdoor pings the following URL to get its IP address where it connects to
Trojan does not have any backdoor routine. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED
XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.) NOTES: It connects to the following URL to log infection to malware server: http://{BLOCKED}venturoso.com.br/log.php
Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system:
{domain name to access} Content-Length: {length of information to send} {encrypted information} It uses the URL /{BLOCKED}fqwbio0sa when accessing the malicious sites. None Downloaded from the Internet