Search
Keyword: usojan.perl.malxmr.uwejs
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. It deletes
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
)\fake_drive (C: or D:)\perl (C: or D:)\strawberry (C: or D:)\targets.xls (C: or D:)\tsl (C: or D:)\wget.exe (C: or D:)\python Renames the following file after execution: %User Temp%\IXP000.TMP
\CurrentVersion\Explorer\ FileExts\.otf\OpenWithProgids\ otffile HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ FileExts\.pl\OpenWithProgids\ Perl HKEY_CURRENT_USER\Software\Microsoft
substrings: smpl vir malw test troj It terminates itself if any of the following user name(s) are found in the affected system: luser perl python trace dump It searches for itself in the following autostart
following user name(s) are found in the affected system: luser perl python trace dump It gathers the following information and reports it to its servers: Malware ID Filepath and Name of the log file OS
deletes the initially executed copy of itself It terminates itself if any of the following user name(s) are found in the affected system: luser perl python trace dump It gathers the following information
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It steals certain information from the system and/or
malicious script. It does the following: It checks if it's running in Windows or NixOS May execute an obfuscated PERL script that is used for back connection It requires certain parameters such as ip and port
HyperVisor VMwareVMware → VMware XenVMMXenVMM → Xen's HyperVisor prl hyperv → Perl HyperVisor KVMKVMKVM → Kernel-based Virtual Machine GenuineIntel Checks for the following AV related process: avastsvc.exe
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. Arrival
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
%Program Files%\PDFCreator\COM\MS Office\is-{Random Characters}.tmp %Program Files%\PDFCreator\COM\Perl\is-{Random Characters}.tmp %Program Files%\PDFCreator\COM\Python\is-{Random Characters}.tmp %Program
%system root%\$recycle.bin\{malware file name}.exe %all users profile%\{malware file name}.exe %system root%\documents and settings\{malware file name}.exe %system root%\perl\{malware file name}.exe
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
curl status wget status oracle status mssql status perl status python status ruby status gcc status java status List of Drives IP server admin OS Version OS Name php version php sapi name traceroute Disk
), Windows Server 2008, and Windows Server 2012.) It deletes the initially executed copy of itself It terminates itself if any of the following user name(s) are found in the affected system: luser perl
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,