Search
Keyword: bat
5303 Total Search |
Showing Results : 1 - 20
This file infector infects by appending its code to target host files. File Infection This file infector infects the following file types: BAT It infects by appending its code to target host files.
{path of file containing list of AV name} It sends and executes the following bat file to disable the cloud capabilities of the AV. specific_cloud_switch_off.bat It sends and execute the following bat
{extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.I (Microsoft)
HKLM\SOFTWARE\Classes\ reg\shell\open\ command HKLM\SOFTWARE\Classes\ .bat HKLM\SOFTWARE\Classes\ bat\shell\open\ command HKLM\SOFTWARE\Classes\ .vbs HKLM\SOFTWARE\Classes\ VBS\shell\open\ command HKLM
most users wouldn't bat an eye should they receive notification emails from these sites. However, users should still be critical about the content of such emails in case they turn out to be spam, such as
Settings\Temp\ms{random characters}.{extension name}" NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.I (Microsoft), Backdoor-FGP!a (McAfee),
{extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.I (Microsoft), Win32/TrojanDownloader.Wauchos.A trojan (ESET)
subdirectories with the following file extensions: bat bmp doc docm docx gif html jpeg jpg mp3 mp4 pdf png ppt pptm pptx psd rar rtf txt vbs wav xls xlsm xlsx zip Ransom.YeeScrLocker(Norton);MSIL/LockScreen.RC!tr
Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}d.pl/image.php NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR
encrypting files with the following file extensions: cmd ani adv msi msp com nls ocx mpa cpl mod hta prf rtp rdp bin shs wpx bat rom msc spl ics key exe dll UDS:Trojan-Ransom.OSX.Agent.gen (KASPERSKY) Dropped
{BLOCKED}ge.com/image.php NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR
Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}.{BLOCKED}.54.150/image.php NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR
http://{BLOCKED}.{BLOCKED}.44.162/u/fuckedupshit.exe It deletes the initially executed copy of itself NOTES: Where {extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.F
delete shadows /all /quiet After encrypting the files it will drop and execute a bat file that will be used to delete itself It encrypts files in all fixed, remote and removable drives. Shows the
{BLOCKED}.{BLOCKED}.68.244/image.php http://{BLOCKED}.{BLOCKED}.114.163/r.pack NOTES: The {extension name} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue (Microsoft), Backdoor.Trojan
extension name} contained in the malware's file name can be any of the following: exe com scr pif cmd bat Worm:Win32/Gamarue.F (Microsoft), W32/Gamarue-BK (SOPHOS)
{argument 2} {argument 3} Not encrypted file extension list - list of avoided extension, with the following default values: • sys • dll • ini • log • dat • bmp • png • bat • exe • com • bin Folder List -
note: !!_FILES_ENCRYPTED_.txt It avoids encrypting files with the following file extensions: ani ax bat cab cmd cpl cur deskthemepack diagcab diagpkg dll drv exe hlp hta icl icns ico ics idx inf lnk mod
http://{BLOCKED}asen.ru/images/image.php NOTES: Where {file extension} is any of the following: BAT CMD COM EXE PIF SCR Worm:Win32/Gamarue.I (Microsoft), Backdoor.Win32.Androm (Ikarus)
copy may be any of the following: BAT CMD COM EXE PIF SCR Trojan-Downloader.Win32.Andromeda.adxa (Kaspersky), Win32/TrojanDownloader.Wauchos.L trojan (NOD32), Troj/Mdrop-FIL (Sophos Lite)