PUA.JS.Revizer.AA

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Este malware no tiene ninguna rutina de propagación.

Este malware no tiene ninguna rutina de puerta trasera.

Este malware no tiene ninguna capacidad para robar información.

Se conecta a determinados sitios Web para enviar y recibir información.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Propagación

Este malware no tiene ninguna rutina de propagación.

Rutina de puerta trasera

Este malware no tiene ninguna rutina de puerta trasera.

Robo de información

Este malware no tiene ninguna capacidad para robar información.

Otros detalles

Se conecta al sitio Web siguiente para enviar y recibir información:

• During launch:
  • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=LAUNCHED&t={time in milliseconds}
• After the script is loaded:
  • If a script element of the current URL contains "1eaefda9f709934a5d{any characters}.js" in its URL source path:
    • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=LOADED&custom1={current hostname}&custom2={first 50 characters of current URL's pathname}&custom3={domain name the script element}&t={time in milliseconds}
  • Else:
    • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=LOADED&custom1={current hostname}&custom2={first 50 characters of current URL's pathname}&t={time in milliseconds}
• If current URL's hostname equal to "{BLOCKED}ysambadresult.in":
  • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=URL_BLACKLISTED&custom1={current hostname}&t={time in milliseconds}
• If current URL ends with the following strings:
  • jpg
  • png
  • jpeg
  • gif
  • bmp
  • pdf
  • xls
  • js
  • xml
  • doc
  • docs
  • txt
  • css
  • It sends information to the following website(s):
    • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=URL_STATICFILE&t={time in milliseconds}
• If current URL's hostname contains any of following strings:
  • paypal.com
  • secure.
  • .gov
  • doubleclick.net
  • addthis.com
  • twitter.com
  • docs.google.com
  • drive.google.com
  • analytics.google.com
  • notifications.google.com
  • It avoids them and sends information to the following website(s):
    • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=URL_IGNOREDOMAIN&t={time in milliseconds}
• If current URL's "link" element equal to "chrome-webstore-item":
  • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=PROMO_ANLZ&custom1={current hostname}&custom2={current URL}&custom3={chrome-website-item link URL}&t={time in milliseconds}
• If an error occured:
  • (http or https)://{BLOCKED}ch.biz/log/?l=error&m={"undefined" or "!empty message!"}|{error message}&t={time in milliseconds}
• If execution is completed without errors:
  • (http or https)://{BLOCKED}ch.biz/metric/?mid=&wid=52096={1 or blank}&tid=7854&rid=FINISHED&custom1={current hostname}&t={time in milliseconds}

Hace lo siguiente:

• Avoids execution in the following domains that contains the following strings:
  • dostup-{any combination of letters}.com
  • freevideodownloader
  • musvk
  • {BLOCKED}ne.xyz
  • {BLOCKED}ock.com
  • {BLOCKED}amedia.tech