Keyword: browser hijacker
This Trojan does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects user's browser to the following sites: https://{BLOCKED
Trojan does not have rootkit capabilities. Other Details This Trojan does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects
Trojan does not have rootkit capabilities. Other Details This Trojan does the following: It displays the following webpage to lure the user and redirect their browser to a malicious link: It redirects
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CBD351E-9082-3C2C-ABD2-16304F0F3BCC}
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Autostart Technique This Trojan adds the following registry keys to install itself as a Browser
Chromium Coccoc Comodo Dragon Cool Novo CoreFTP CyberFox DynDNS Elements Browser Epic Privacy Eudora FileZilla FlashFXP Flock Foxmail FTP Commander FTP Navigator IceCat IceDragon IncrediMail Internet
Server 2012.) Other System Modifications This adware adds the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
\CurrentVersion\Explorer\Browser Helper Objects\{792e40b2-b594-4631-b629-9900155cdf6f} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{792e40b2-b594-4631-b629-9900155cdf6f} It adds the following registry entries:
\CurrentVersion\Explorer\Browser Helper Objects\{a6c8d61c-a398-40b8-b2b3-739acbc96262} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c8d61c-a398-40b8-b2b3-739acbc96262} It adds the following registry entries:
Autostart Technique This adware adds the following registry entries to install itself as a Browser Helper Object (BHO): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
and Current Computer Time User Name Computer Name OS version Running Processes Credentials, Cookies and Autofill Data from the following browsers: 360 Browser 7Star Amigo Brave Bromium CentBrowser
Programs Gathers information from: Browsers: Chromium Based Browsers Gecko Based Browsers FTP Clients: FileZilla Messaging Applications: Telegram VPN: ProtonVPN NordVPN OpenVPN Others: Discord Steam Browser
WarnOnPostRedirect = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap IEharden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main DEPOff = "1" Web Browser
keys: HKEY_CURRENT_USER\Software\Binkiland Browser HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Binkiland
NOTES: The Possible_SMPATCHBREXJS detection aims to detect a browser extension component (normally with the filename manifest.json) where the update URL is modified and pointed to hxxps://{BLOCKED}itscan[.
itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating registry keys/entries. It drops copies of itself into all the
This malware gathers various information on the affected device. It may connect to a C&C server to send information gathered. It is capable of setting bookmarks, setting browser homepage, and getting