Search

Displays a window when executed: Reads data from config file for the URL and Filename to be used in its download routine Trojan.Win32.Badur.htyo (Baidu-International), Trojan.Badur! (Agnitum),

the malicious link http://yxtz7.{BLOCKED}t.me : Upon clicking the link, it accesses the URL http://yxtz7.{BLOCKED}t.me/{url path} , which displays a fake Microsoft Office Outlook Web Access page. The

password: Sends the gathered credentials to the following URL via HTTP POST: http://{BLOCKED}ssportcom.com/ostoj1/next.php Connects to the following URL(s) to display the fake document: http://{BLOCKED

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" This report is generated via an automated analysis system. PWS:Win32/Magania.BQ (Microsoft); PWS-Gamania.gen.e (McAfee); Trojan.Gen

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the

Description Name: Data-stealing malware - URL used for callbacks and downloads - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indica...

Description Name: Suspicious URL - IM . This is Trend Micro detection for packets passing through MSN and instant messaging network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection. Below are s...

Description Name: Suspicious URL - HTTP (Request) - Variant 1 . This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are ...