Keyword: browser hijacker
NOTES: Backdoor Routine This backdoor starts a hidden default browser. It injects code into the hidden default browser to perform its backdoor routines. It connects to email-dns.{BLOCKED}s-blog.com at port
capability. Other Details This backdoor deletes the initially executed copy of itself. NOTES: This backdoor starts a hidden default browser. It injects code into the hidden default browser to perform its backdoor
also utilize malware and browser attacks in the past to steal cookies. They do this to impersonate users on the websites they frequent, ‘fooling’ the website into automatically providing the compromised
\MSNComms32.dll,CRLnetInterval rasnetppm NOTES: This Trojan comes with an installer that executes its DLL component. The DLL component is injected to a browser process to monitor search requests from the following search engines:
}.exe Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details This spyware deletes itself after execution. PWS:Win32/Zbot (Microsoft),
\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C26A577-FBE2-4428-A567-503A9CC5AD10} NoExplorer = "1" Other System Modifications This spyware adds the following registry entries:
\SOFTWARE\Microsoft\Internet Explorer\Main Enable Browser Extensions = "yes" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule AtTaskMaxHours = "48" Other Details This Trojan connects to the
\StandardProfile\AuthorizedApplications\List %Windows%\explorer.exe = "%Windows%\explorer.exe:*:Enabled" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings.
Details This Trojan is a zero-day exploit for the following vulnerability: CVE-2015-0311 NOTES: Once a compromised website is visited, the user's browser with a vulnerable version of Adobe Flash loads a
registry keys: HKEY_LOCAL_MACHINE\Software\Classes\MJ HKEY_CLASSES_ROOT\MJ Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Dropping Routine This
Identity Ordinal = "2" (Note: The default value data of the said registry entry is 1.) Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other
\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B1D3576A-CA42-4D09-83C1-15D563C19D71} Other System Modifications This spyware adds the following registry keys: HKEY_CLASSES_ROOT\CLSID\
installation routine: HKEY_CURRENT_USER\Software\Microsoft\{random} Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Information Theft This spyware
\Windows\CurrentVersion\Explorer\Browser Helper Objects NoExplorer = "1" Dropping Routine This Trojan drops the following files: %System Root%\temp\errotemp.tmp %User Profile%\ognhbbkl\ognhbbkl.dll (Note:
{D88010C6-6CDF-4515-93F5-7B7BAD8B1826} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88010C6-6CDF-4515-93F5-7B7BAD8B1826} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects NoExplorer = "1" Dropping Routine This Trojan
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D064D15F-F40D-4234-8C66-FE1B8D7297FF}
hex number 2}{type identifier byte: "1"=recv, "2"=send}{random string or encrypted user data} Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet Explorer Zone