Search

Description Name: CVE-2017-0144 - Remote Code Execution - SMB (Request) . This is Trend Micro detection for SMB2 and SMB network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting thi...

This worm may be downloaded from remote sites by other malware. Arrival Details This worm may be downloaded from remote site(s) by the following malware: WORM_RIMECUD.ZB It may be downloaded from the

This Trojan modifies registry entries to disable various system services. This action prevents most of the system functions to be used. It connects to certain websites to send and receive

This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses the Windows Task Scheduler to add a scheduled

This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details

This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,

database files web files MS Office files video images script files text files other non-binary files It adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} HKEY_CURRENT_USER\Software\{UID}

This ransomware is delivered as an attached document, via spam email. It disguises itself as a fake Thai customs form. Instead of the usual ransom note, MIRCOP demands to be paid back, assuming

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the dropped file(s). As a result, malicious

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It modifies the Internet Explorer Zone Settings. It connects to certain websites to send and receive information.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not

 jfif ico gif emf dib bmp It renames encrypted files using the following names: {5 to 10 alphanumeric characters}.{2 to 5 alphanumeric characters} It deletes the initially executed copy of itself

FTPInfo MS IE FTP Martin Prikryl Maxprog FTP Disk My FTP NCH Software ClassicFTP NCH Software Fling NetDrive NetSarang NexusFile Nico Mak Computing WinZip Notepad++ NppFTP RhinoSoft FTPVoyager Robo-FTP 3.7

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are

the malware in %temp% folder} HKEY_Current_User\Microsoft\Windows\ CurrentVersion\Run "MS Sound Drivers" = {dropped copy of the malware in %temp% folder} HKEY_Current_User\Microsoft\Windows

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It modifies the Internet Explorer Zone Settings. It connects to certain websites to send and receive information.