Search
Keyword: URL
website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Exploit:Java/CVE-2012-1723
}rfume.info/aprilprank/ After attempting to play the video, it prompts the user to login. This information is sent to the URL below: http://{BLOCKED}.{BLOCKED}.144.82/log.php?email={email}&pass={password}
vulnerability, this malware connects to a certain URL to possibly download other malicious files. This Trojan takes advantage of certain vulnerabilities. Arrival Details This Trojan may be downloaded from the
certain URL and saves it using a random file name. The URL, however, is not specified in the code. The downloaded file is then executed, thus, the malicious behaviors of the said file are also exhibited in
This backdoor connects to a certain URL to send and receive commands from a remote malicious user. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded
files. As a result, malicious routines of the downloaded files are exhibited on the affected system. As of this writing, the said sites are inaccessible. NOTES: It also downloads the file from the URL
URL. Otherwise, it terminates itself.
The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}e.googleapis.com/test234234/xvplayer.exe It saves the files it
URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan requires its main component to successfully perform its
backdoor requires its main component to successfully perform its intended routine. NOTES: The dropped file in %User Temp% and the URL connection depends on the parameters passed to its components.
website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
intended routine. NOTES: It may connect to the following possibly malicious URL: http://www.{BLOCKED}u.com.tzsnxx.com:801/iclk/?zoneid=250873&uid=80358 This URL may redirect to different possibly malicious
However, as of this writing, the said sites are inaccessible. NOTES: This malware opens Internet Explorer and connects to the URL when VIEW PDF FILE is clicked. Spammed via email, Downloaded from the
website and run when a user accesses the said website. Other Details This Trojan does the following: The Trojan connects to the following possibly malicious URL after clicking the submit button: {Host
a miner for Monero cryptocurrency. Connects to the following URL to execute the miner: https://{BLOCKED}ve.com/lib/coinhive.min.js Wallet ID: {BLOCKED}qgAWYv1XDwA4a0e732i02WyoUx PUA.JScoinminer
document. If user clicks on any of the image, it accesses the following URL to download a file: https://{BLOCKED}v.com/ugo/Purchase%20Contract.zip The downloaded file is saved as Purchase Contract.zip in the
following: Downloads a script from the following URL and executes it: http://{BLOCKED}.{BLOCKED}.177.253:8080/index.asp It executes the following powershell commands: powershell.exe -NoP -sta -NonI -W Hidden
It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: hitFon
CVE-2009-1839 Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access