Search
Keyword: URL
user accesses the said website. NOTES: This is the Trend Micro detection for Java files used as a component of another malware. It is used to download files. A URL where a possible malicious file is
URL: http://www.{BLOCKED}rm.com/wzandoom.php?tp=4a5accc3be44aa74 Currently, the above-mentioned URL is inaccessible.
The URL where this malware downloads the said file depends on the parameter passed on to it by its components. It determines the type of the downloaded file, whether .EXE or .DLL, and saved it as
}fc.{BLOCKED}a.pl/showthread.php?t=142286 http://bsfgbvsfc.osa.pl/showthread.php?t=142286 --> The said URL redirects to: http://www.{BLOCKED}e.pl/index.html http://www.bee.pl/index.html --> It then
possibly malicious file into the system. It saves the downloaded file as %User Temp%\best.exe . However, the URL where the file is downloaded is not found in the code of the malicious Java class file. (Note:
which attempts to access the url http://{BLOCKED}er.{BLOCKED}a.pl to download and execute possibly malicious file. The downloaded file is usually saved as %User Temp%\add.exe. As a a result, routines of
website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
vulnerability, this malware connects to a certain URL to possibly download other malicious files. This Trojan may be hosted on a website and run when a user accesses the said website. It requires its main
\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed
NOTES: This Trojan is used to create a network traffic as transport device interface for the URL {BLOCKED}new.{BLOCKED}google.com. It may connect to the following: {BLOCKED}2.4.{BLOCKED}3.78 on ports 80,
The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan requires the existence of the following
following argument: -o forest.confidecn.com:443 -u forest1 -p x -t 1 --donate-leve=1 --nicehash where: -o - URL of mining server -u - username for mining server -p - password for mining server -t - number of
script: https://i.{BLOCKED}r.com/96vV0YR.png http://oi65.{BLOCKED}c.com/2z8thcz.jpg Connects to the following URL to check the country of the IP address: https://{BLOCKED}o.io/country The malware does not
support is enabled It uses the system's central processing unit(CPU) resources to mine for cryptocurrency. This behavior makes the system run abnormally slow. Connects to the following URL for coinmining
clr.txt → Contains the URL that will download additional malicious files. %Windows%\system\cabs.exe → detected as Backdoor.Win32.MIRAI.MJY %Temp%\v.exe → detected as Trojan.Win32.DISKWRITE.AA (Note:
password: Sends the gathered credentials to the following URL via HTTP POST: http://{BLOCKED}gdom.com/ost/next.php Connects to the following URL(s) to display the fake document: http://{BLOCKED
writing, the said site is inaccessible. --> NOTES: This Trojan shows the following fake message and URL inside the PDF, tricking the users to click on the link:
message and URL inside the PDF, tricking users to click on the link: Dropped by other malware, Spammed via email Connects to URLs/IPs
message and URL inside the PDF, tricking users to click on the link: PDF/Phishing.A.Gen trojan (NOD32) Spammed via email, Dropped by other malware Connects to URLs/IPs