Search
Keyword: trojan backdoor
\CurrentVersion\Explorer\ ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} = "" Propagation This Trojan Spy does not have any propagation routine. Backdoor Routine This Trojan Spy does not have any backdoor
" HKEY_CURRENT_USER\Software\Microsoft\ Installer\Products\B{Volume Serial Number} SH3 = "{C&C server}" Propagation This Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any
have any backdoor routine. It deletes the initially executed copy of itself. Arrival Details This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
(32-bit), 2000(32-bit) and XP.) Propagation This Trojan Spy does not have any propagation routine. Backdoor Routine This Trojan Spy does not have any backdoor routine. Rootkit Capabilities This Trojan Spy
campaigns by threat actors. Remcos is a sophisticated remote access Trojan (RAT) that can be used to fully control and monitor machines running on Windows XP and later. Attackers use a social engineering
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It executes
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It runs certain commands that it receives remotely
entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run iexplore = {malware path and file name} Backdoor Routine This Trojan
TcpNumConnections = "fffe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\BITS id = "{32 numbers}" Backdoor Routine This Trojan connects to the following websites to send and receive information:
modifies the following file(s): It encrypts files and appends the extension .coin Backdoor Routine This Trojan connects to the following websites to send and receive information: http://{BLOCKED}.{BLOCKED
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ WBEM UpdateNew = "{hex values}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ WBEM uid = "unknow" Backdoor Routine This Trojan opens the following ports: 8392 Other Details This Trojan
a file downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This Trojan executes the following command(s) from a remote malicious user: May execute files with the following
Backdoor Routine This Trojan Spy executes the following commands from a remote malicious user: Enable and Disable a Specific Malicious Function Collect Host IP Info Delete File Take Screenshot It connects to
HKEY_CURRENT_USER\Software\Microsoft\ {random} {random name} = "{data}" Backdoor Routine This Trojan connects to the following websites to send and receive information: http://d{BLOCKED}se.com/z{BLOCKED}i/index.php
\Microsoft\ Windows NT\CurrentVersion\SvcHost\ netsvcs Dncp = "" HKLM\SYSTEM\CurrentControlSet\ Services\Dncp\Parameters ServiceDll = "{malware path}\McAltLib.dll" Backdoor Routine This Trojan connects to the
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not