Search

malware/grayware or malicious users. NOTES: This malware contains a malicious CPL file that may cause harm to your system when executed. TrojanDownloader:Win32/Retefe.A (Microsoft)

execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windows Firewall Cpl = "{malware path and file name}" This report is generated via an automated analysis

This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windows Firewall Cpl = "

This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windows Firewall Cpl = "

Description Name: CPL File Transfer detected . This is Trend Micro detection for packets passing through any network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior:Suspiciou...

Application drops the following files: %User Temp%\7ZipSfx.000\Tools\imdisk\cpl\amd64\imdisk.cpl %User Temp%\7ZipSfx.000\Tools\imdisk\cpl\i386\imdisk.cpl %User Temp%\7ZipSfx.000\Tools\x86\offreg.old %User Temp%

encrypting files with the following file extensions: cmd ani adv msi msp com nls ocx mpa cpl mod hta prf rtp rdp bin shs wpx bat rom msc spl ics key exe dll UDS:Trojan-Ransom.OSX.Agent.gen (KASPERSKY) Dropped

note: !!_FILES_ENCRYPTED_.txt It avoids encrypting files with the following file extensions: ani ax bat cab cmd cpl cur deskthemepack diagcab diagpkg dll drv exe hlp hta icl icns ico ics idx inf lnk mod

avoids encrypting files with the following file extensions: sys exe dll bat bin cmd com cpl gadget inf1 ins inx isu job jse lnk msc msi mst paf pif rgs scr sct shb shs u3p vb vbe vbs vbscript ws wsh wsf

CAB cab CMD cmd COM com cpl CPL exe EXE ini INI dll DLL lnk LNK url URL ttf TTF DECRYPT.txt It avoids encrypting files with the following strings in their file path: $RECYCLE.BIN rsa NTDETECT.COM ntldr

Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This spyware drops the following files: %Desktop%\208031.LNK %User Profile%\My Documents\001120.bat %User Profile%\Cookies

\Run Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This spyware drops the following files: %Desktop%\414110.LNK %User Profile%\My Documents\121112.bat %User Profile%\Cookies

Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This Trojan drops the following files: %Desktop%\402711.LNK %User Profile%\My Documents\444027.bat %User Profile%\Cookies

Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This Trojan drops the following files: %Desktop%\103911.LNK %User Profile%\My Documents\495321.bat %User Profile%\Cookies

drops the following file(s) as ransom note: {All affected directories}\readme.pdf It avoids encrypting files with the following file extensions: 386 adv ani bat bin blf cab cmd com cpl cur dat

\Run Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This Trojan drops the following files: %Desktop%\051112.LNK %User Profile%\My Documents\205111.bat %User Profile%\Cookies

\Run Windows Firewall Cpl = "{malware path and file name}" Dropping Routine This spyware drops the following files: %Desktop%\111222.LNK %User Profile%\My Documents\442411.bat %User Profile%\Cookies

following extensions: enc exe lnk dll lib dat ini sys shs gadget idx scr etl cdf-ms lock manifest key evtx blf cdfs sfcache man mui ocx bat cat pdb sif sfc mdmp dmp drv cpl nls vtd gpd grp evt conf dev msc

following extensions: enc exe lnk dll lib dat ini sys shs gadget idx scr etl cdf-ms lock manifest key evtx blf cdfs sfcache man mui ocx bat cat pdb sif sfc mdmp dmp drv cpl nls vtd gpd grp evt conf dev msc

following extensions: enc exe lnk dll lib dat ini sys shs gadget idx scr etl cdf-ms lock manifest key evtx blf cdfs sfcache man mui ocx bat cat pdb sif sfc mdmp dmp drv cpl nls vtd gpd grp evt conf dev msc