Keyword: os2
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\googleupdate Start = "2" It adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
}/0/ http://{BLOCKED}2.{BLOCKED}3.35.133:{random port}/1401_11/{computer name of affected system}/{value}/{value}/{value} It reports the following information of the affected system: Computer Name OS
keyboard and mouse activities Logs the user off Manipulate registry Get OS Version Get Host Name Shutdown Computer Open/Close a printer - Print a document Send stolen information It connects to the following
}dirom.ru/ls5/forum.php It posts the following information to its command and control (C&C) server: Machine GUID Computer Name Account Name Public IP Address OS Version The information is posted to the server in the
disable the Task Manager: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = "2" Backdoor Routine This Backdoor executes the following command(s) from a remote
following data: Computer Name OS Version Service Pack Other Details This Trojan connects to the following URL(s) to get the affected system's IP address: http://icanhazip.com/ It does the following: This
following data: Host Name Public IP Address Computer Name OS Version OS Platform User Accounts System Info (CPU, Memory, No. of Processors) Installed programs Services Other Details This backdoor connects to
retrieves the country code by accessing the following URL: http://ip-api.com/json/?fields=countryCode It gathers the following information and reports it to its servers: List of encrypted files Windows OS
encrypted files OS architecture (if 64-bit) victim ID NOTES: It avoids encrypting files whose full path name contains any of the following strings: AppData Application Data Program Files temp $Recycle.Bin System