Keyword: IRC_IRCFLOOD.X
files. It avoids infecting files that contain the following strings in their names: PSTO WC32 WCUN WINC Backdoor Routine This file infector connects to any of the following IRC server(s):
\. It is also where the operating system is located.) This report is generated via an automated analysis system. Trojan:Win32/Agent (Microsoft); Generic PWS.sd (McAfee); IRC Trojan (Symantec);
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This file infector arrives on a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
wellsoffice.wellsfargo.com It sends the information it gathers to remote sites. Other Details Based on analysis of the codes, it has the following capabilities: Connects to a certain IRC server using a certain port and joins
Routine This worm joins any of the following IRC channel(s): #rxbot_paradise It executes the following command(s) from a remote malicious user: Create and delete files Download file from the Internet
QAKBOT malware are worms, Trojans, and backdoors that are known to spread through network shares, software vulnerabilities, or removable drives. Some of its variants may be downloaded from malicious
This backdoor may be dropped by other malware. This is the Trend Micro detection for files that exhibit certain behaviors. Arrival Details This backdoor may be dropped by the following malware:
\command=OGa\RD\GOx.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): sik.{BLOCKED}nix.net idem0.{BLOCKED}k.eu ogardf.{BLOCKED}ils.net ogardf.{BLOCKED}rk.biz
\Run J_Y = "%Windows%\J_Y.exe" Other System Modifications This worm adds the following registry keys: HKEY_CLASSES_ROOT\.cha HKEY_CLASSES_ROOT\ChatFile HKEY_CLASSES_ROOT\irc\Shell\ open\ddeexec
Routine This worm executes the following commands from a remote malicious user: Connect to a website Connect to an IRC channel to receive commands Copy files Delete files Download file Download malware
following backdoor capabilities: Block DNS Create processes Download other files Insert iframe tags into HTML files Join an IRC channel Log in to FTP sites Perform Slowloris, UDP, and SYN flooding Run Reverse
\Microsoft-Driver-1-53-2495-3625-9745\winsvn.exe" Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}0.com {BLOCKED}00.net
connects to any of the following IRC server(s): http://{BLOCKED}trocked.servequake.com It executes the following commands from a remote malicious user: Download and execute files Get drive information such
Manage open Windows Manage processes Manage registries Perform Denial of Service Perform remote shell Refresh IP Remove itself and clean autorun registry entries Set-up IRC bot Spread itself to all
strings: [autorun] icon=%SystemRoot%\system32\SHELL32.dll,4 action=Open folder to view files shellexecute=winrsrvdr32.exe UseAutoPlay=1 Backdoor Routine This worm connects to any of the following IRC server
has the following backdoor capabilities: Join an IRC channel Update Itself Download other files Perform Slowloris, UDP, and SYN flooding Run Reverse Socks4 proxy server Send MSN Messenger messages
automatic execution at every system startup: %User Profile%\Start Menu\Programs\Startup\{random}.lnk This backdoor is capable of connecting to a certain IRC server using a certain port and joins a channel