Search
Keyword: gif
This is the site where PE_SALITY.RL downloads other malicious files.
This is the site where PE_SALITY.RL downloads other possible malicious files.
using the following names: %User Temp%\vac.gif - encrypted GIF file detected as TROJ_EMBED.BF (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}
Contact Us button is clicked: Ransomware Routine This Ransomware encrypts files with the following extensions: 3gp aac aiff ape avi bmp csv db dbf doc docx epub flac flv gif iso jpeg jpg json m4a m4v md mdb
subject = {computername} Drone It searches for target files in fixed drives. It gets information of its targeted files that: Do not end in the following file extensions: bmp png jpg jpeg gif tiff psd tga
asm asp aspx avi awk bas bat bmp c cs cls clw cmd cpp csproj css ctl cxx def dep dlg dsp dsw eps f f77 f90 f95 fla flac frm gif h hpp hta htm html hxx ico idl inc ini inl java jpeg jpg js la mak
Trojan drops the following files: %User Temp%\TempFolder.aaa\Macromedia.lok %User Temp%\TempFolder.aaa\xtras\Animated GIF Asset.x32 %User Temp%\TempFolder.aaa\xtras\DirectSound.x32 %User Temp%
\ Configuration {random numbers} = "{random hex values}" File Infection This Trojan avoids infecting the following file types: avi wav mp3 gif ico png bmp inf manifest chm log ini tmp lnk cmd bat scr msi sys dll
2003, and C:\ProgramData in Windows Vista and 7.) NOTES: This Trojan encrypts files with size greater than or equal to 1024 bytes except for the files with the following extension: avi wav mp3 gif ico png
DOT dotm dotx fla flv frm gif gpg hwp ibd jar java jpeg jpg key lay lay6 ldf max mdb mdf mid mkv mml mov mpeg mpg ms11 MYD MYI NEF odb odg odp ods odt otg otp ots ott PAQ pas pdf pem php png pot potm
following website to send and receive information: https://{BLOCKED}heck.com/images/{random path}.{jpeg | gif | bmp} https://{BLOCKED}la.com/images/{random path}.{jpeg | gif | bmp} It does the following:
filename}.{random extension} where {random extension} may any of the following: txt rtf doc chm hlp ttf pdf fb2 xls ppt mdb cda wav wma mp3 avi mpg mdv flv swf wmv vob bmp gif jpg png iso mdf mds bin dat nrg
xls jpg jpe bmp gif tif png This malware drops .LNK files in removable drives that point to a copy of itself. This is done to trick users into clicking the shorcut files and execute the malware copy.
xlsb xlsm xlt xltm xltx xlw xml asp bat brd c cmd dch dip jar js rb sch sh vbs 3g2 fla m4u swf bmp cgm djv gif nef png db dbf frm ibd ldf myd myi onenotec2 sqlite3 sqlitedb paq tbk tgz 3dm asc lay lay6
config cpp cr2 crt crw crwl cs csv cue dash dat db dbf dcr dcu dds default der dfm directory disc dmg dng doc docm docx dtd dvd dwg dxf eip emf eml eps epub erf fff flv frm gfx gif gzip h htm html idl iiq
extensions: 3fr 7z accdb ai arw bay bmp c cdr cer chm cpp cr2 crt crw csv cxx dbf dcr der djvu dng doc docm docx dwg dxf dxg eps erf fb2 gif gz h img indd jpe jpeg jpg kdc mdb mdf mef mht mrw nef nrw odb odc
vmlinuz img lnk jpg jpeg bmp gif png svg psd raw mp3 mp4 m4a aac ogg flac wav wma aiff ape avi flv m4v mkv mov mpg mpeg wmv swf 3gp doc docx xls xlsx ppt pptx odt odp ods txt rtf tex pdf epub md yml yaml
Documents.lnk Music.lnk New Folder.lnk Passwords.lnk Pictures.lnk Video.lnk It also uses the names of existing folders and names of files with the following extensions: avi bmp doc gif jpe jpg mp3 mp4 mpg pdf png
{extension} , which contains the non-malicious RTF document. The {extension} can be any of the following: 3gp avi bin bmp cda chm dat dll doc exe fb2 flv gif hlp iso jpg mdb mdf mds mdv mp3 mpg nrg ogg pdf png
archive file named %User Temp%\{random}.{extension} that contains the non-malicious RTF document. The {extension} can be any of the following: 3gp avi bin bmp cda chm dat dll doc exe fb2 flv gif hlp iso jpg