Search
Keyword: browser hijacker
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{0B5EC4A2-489E-456B-9E2C-73A5C666A24F}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{995F8105-DF5B-41C7-904A-E2B468CA8F1A}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{839741A2-B652-4685-A461-481D90915C0F}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{2B907C4B-1311-4D9A-B950-7805000785A5}
\FireFox Description = "FireFox Browser Driver" Other Details This Trojan connects to the following possibly malicious URL: http://www.{BLOCKED}ya.com/din.htm It deletes itself after execution. This report
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{3C67828F-33E1-4407-AE8B-DD078B2A3444}
\winspool.sampleclass\Clsid HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID
every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{56610F97-C71D-4DA4-B29D-4A914746C7CD}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{53B50C5B-A8B9-4CCC-A06F-BBA6DC4A3F78}
\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\ C:\windows\system32\msmsgs.exe %System%\ConfigEx.dll (Note: %System% is the Windows system
connects to the following websites to send and receive information: http://www.{BLOCKED}n.com/65/nua.php http://{BLOCKED}teronline.in/ Web Browser Home Page and Search Page Modification This Trojan modifies
. The Trojan checks if the browser used is any of the following: Chrome Firefox Internet Explorer It also checks for the following Flash Player ActiveX Control versions: 10.3.181.14 10.3.181.22
networks: Android Browser Same Origin Policy Bypass Vulnerability (CVE-2014-6041) It propagates via social networking sites by sending malicious links to all the user's contacts. The said links point to a
user's browser with a vulnerable version of Adobe Flash loads a specially-crafted Adobe Flash file. This exploit Adobe Flash file allows remote arbitrary code to execute on the affected system. Thus,
\CurrentVersion\Explorer\ Browser Helper Objects HKEY_CLASSES_ROOT\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
\shell32.dll,-30596" Propagation This worm drops the following copy(ies) of itself in all removable drives: {Drive Letter}:\SAM_17122.JPG.jse Web Browser Home Page and Search Page Modification This worm modifies the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ Ext\CLSID It adds the following registry entries:
\ Services\GbpKm HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000} This report is generated via an automated analysis system.