Search
Keyword: usoj_proxy.bcw
PROXY malware is known to act as a proxy server, allowing remote malicious users to utilize the affected systems in order to hide their identities when performing malicious activities. Its variants
shell commands Enumerate files and directories Read files Get user name Get computer name Get OS type and version Get processor information Get drive information Get and use proxy settings Sleep for an
Perform remote shell commands Enumerate files and directories Read files Get user name Get computer name Get OS type and version Get processor information Get drive information Get and use proxy settings
version Get processor information Get drive information Get adapters information Get and use proxy settings Sleep for an amount of time It connects to the following URL(s) to send and receive commands from
{Encrypted Information}{Date and Time of Connection} It posts the following information to its command and control (C&C) server: Computer Name Local IP Address Proxy Server IP and Port Malware ID However, as
This adware may arrive bundled with malware packages as a malware component. It may be manually installed by a user. As of this writing, the said sites are inaccessible. Arrival Details This adware
Trojan steals the following information: Computer Name Explorer File Version Network Proxy Settings Network Proxy HTTP Network Proxy HTTP port Network Proxy FTP Network Proxy Auto Configuration (It steals
execute arbitrary files Use proxy server settings of current user Delete Arbitrary File Upload Files Perform Remote Shell Load a file using LoadLibrary Search Files Gather Proxy Settings Enumerate Processes
computer that employs a proxy by reading proxy-related registry entries. If it finds one, it employs the user's proxy server settings to connect to its C&C server. It does not have rootkit capabilities. It
the target URL. -u URL | --url=URL → Target URL. --url-reload → Reload target URL after command execution. -l LOGFILE → Parse target from HTTP proxy log file. -m BULKFILE → Scan multiple targets given
data: Proxy Server IP and Port Host Name Local IP Address OS Version NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. Trojan-Downloader.Win32.Agent (Sunbelt),
the following files: %User Temp%\mafcss.exe - also detected as TROJ_PROXY.AXA %User Temp%\{random}.doc - Normal Document %User Profile%\APPLICATION DATA\MICROSOFT\Plugins\ntuser.n1s - Proxy
system. Other Details It checks if the system has a proxy enabled by querying the registries below: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable ProxyServer
there are open windows that contain any of the following strings: ollydbg Process Explorer Process Hacker Process Monitor SoftICE W32Dasm Wireshark It finds a user of the computer that employs a proxy by
said sites are inaccessible. Information Theft This backdoor gathers the following data: Host Name Local IP Address OS Version Proxy Server IP and Port NOTES: It does not have rootkit capabilities. It
Computer Name Kernel32.dll File Version Network Proxy Settings Network Proxy HTTP Network Proxy HTTP port Network Proxy FTP Network Proxy Auto Configuration Windows Credentials Other Details This backdoor