Keyword: hktl_drop.do (replaced with rtkt_vanti.gk)
15205 total results (showing 1 - 20)
attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, which could then result in an
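The ClientHello/ServerHello rewrite described in the result above, modelled in Python as an added example (not code from the original page or from the vendor). Suite names, the 2048-bit and 512-bit group sizes and the message structures are constructed stand-ins; no real TLS or Diffie-Hellman arithmetic is performed. The point it demonstrates is that the suite name the client sees in the ServerHello is not what protects it: a client that only checks the name accepts the downgrade, while a client that enforces a minimum DH group size, or a server that refuses export suites, does not.

```python
"""Model of the DHE -> DHE_EXPORT cipher downgrade.

Added example, not code from the original page. Suite names, group sizes
and message structures are constructed; nothing here is real TLS.
"""
from dataclasses import dataclass
from typing import List, Optional

DHE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
DHE_EXPORT = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"

# Constructed server policy: size of the DH group the server uses per suite.
SERVER_GROUP_BITS = {DHE: 2048, DHE_EXPORT: 512}


@dataclass
class ClientHello:
    suites: List[str]


@dataclass
class ServerHello:
    suite: str
    dh_prime_bits: int  # in real TLS this arrives in ServerKeyExchange


def server_respond(hello: ClientHello, export_allowed: bool) -> Optional[ServerHello]:
    """Server selects the first offered suite its policy permits."""
    for suite in hello.suites:
        if suite == DHE_EXPORT and not export_allowed:
            continue
        if suite in SERVER_GROUP_BITS:
            return ServerHello(suite, SERVER_GROUP_BITS[suite])
    return None


def mitm_rewrite_client_hello(hello: ClientHello) -> ClientHello:
    """Attacker step 1: DHE in the ClientHello becomes DHE_EXPORT."""
    return ClientHello([DHE_EXPORT if s == DHE else s for s in hello.suites])


def mitm_rewrite_server_hello(sh: Optional[ServerHello]) -> Optional[ServerHello]:
    """Attacker step 2: DHE_EXPORT in the ServerHello becomes DHE again."""
    if sh is None:
        return None
    return ServerHello(DHE if sh.suite == DHE_EXPORT else sh.suite, sh.dh_prime_bits)


def client_accepts(offered: ClientHello, sh: Optional[ServerHello], min_dh_bits: int) -> bool:
    """Client check: the suite must be one it offered and the DH group must be
    at least min_dh_bits. A legacy client uses min_dh_bits=0 (name check only)."""
    if sh is None or sh.suite not in offered.suites:
        return False
    return sh.dh_prime_bits >= min_dh_bits


def run_handshake(export_allowed: bool, min_dh_bits: int, attacker: bool = True) -> dict:
    """Run one handshake; report what the client accepted and what the server really used."""
    ch = ClientHello([DHE])
    ch_seen = mitm_rewrite_client_hello(ch) if attacker else ch
    sh = server_respond(ch_seen, export_allowed)
    sh_seen = mitm_rewrite_server_hello(sh) if attacker else sh
    return {
        "accepted": client_accepts(ch, sh_seen, min_dh_bits),
        "server_suite": sh.suite if sh else None,
        "dh_bits": sh.dh_prime_bits if sh else None,
    }


if __name__ == "__main__":
    print("legacy client, export-capable server:", run_handshake(True, 0))
    print("client enforcing 1024-bit DH:", run_handshake(True, 1024))
    print("server with export suites disabled:", run_handshake(False, 0))
```

The model omits the Finished-message forgery, which in the real attack requires the attacker to solve the 512-bit discrete logarithm for the session; what it shows is the defender-side check that actually stops the rewrite.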
infection makes the virus and host file un-executable and also the host unrestorable. These files cannot infect other files but must be replaced with clean backup copies. NOTES: This is the Trend Micro
infection makes the virus and host file un-executable and also the host unrestorable. These files cannot infect other files but must be replaced with clean backup copies. This File infector arrives on a
Modifications This Trojan modifies the following file(s): /etc/rc.local - adds "sh /usr/local/bin/npt" to run downloaded file on boot /var/spool/mail/{user} - contents replaced with "0" string /var/log/wtmp -
\system32\dllcache folder. It also avoids replacing files whose names contain the following strings: 360 avast avg avp ccApp dr.web egui feedback system UfSeAgnt updaterui win The original copy of the replaced file is copied to the same
spammer used legitimate email templates of Neteller and replaced the links with a fake domain that will lead to a phishing website that looks identical to the legitimate one. The way that the bait of this
The said shell script exploits the DYLD_PRINT_TO_FILE vulnerability by writing the following string to the file /etc/sudoers : echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" where $(whoami) is replaced by the
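A sudoers audit for the kind of line the exploit above appends, as an added example (not code from the original page). SAMPLE_SUDOERS is a constructed file, and the parser is deliberately limited: it handles ordinary user specifications, backslash continuations and comments, and skips Defaults, alias and include directives rather than resolving them.

```python
"""Flag sudoers user specifications that grant password-less unrestricted sudo.

Added example, not code from the original page. SAMPLE_SUDOERS is constructed.
"""
import re
from typing import List, Tuple

# who host=(runas) TAG: ... cmds   (runas and tags are optional)
USER_SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)
SKIP_PREFIXES = ("Defaults", "#include", "@include", "User_Alias",
                 "Host_Alias", "Cmnd_Alias", "Runas_Alias")

SAMPLE_SUDOERS = """\
# constructed sample, not a real host's file
Defaults env_reset
Defaults:deploy !requiretty
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
alice ALL=(ALL) NOPASSWD:ALL
bob ALL=(ALL) \\
    NOPASSWD:ALL
#includedir /etc/sudoers.d
"""


def logical_lines(text: str) -> List[str]:
    """Join backslash-continued lines and drop blanks and comments
    (keeping #include/#includedir, which sudo treats as directives)."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        line = (buf + line).strip()
        buf = ""
        if not line:
            continue
        if line.startswith("#") and not line.startswith("#include"):
            continue
        out.append(line)
    return out


def find_passwordless_all(text: str) -> List[Tuple[str, str]]:
    """Return (principal, line) for every spec that gives a non-root
    principal NOPASSWD on ALL commands."""
    findings = []
    for line in logical_lines(text):
        if line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        tags = m.group("tags").replace(" ", "").upper()
        cmds = m.group("cmds").strip()
        if "NOPASSWD:" in tags and cmds == "ALL" and m.group("who") != "root":
            findings.append((m.group("who"), line))
    return findings


if __name__ == "__main__":
    for who, line in find_passwordless_all(SAMPLE_SUDOERS):
        print(f"{who}: {line}")
```

Running it against the sample reports alice and bob but not deploy, whose NOPASSWD grant is scoped to one command, and not the root entry.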
TROJ_PEYKE.B may arrive as dropped files of another malware. It may arrive with component files all detected as TROJ_PEYKE.B. It creates a file that it uses for its keylogging routines. Another
privilege Parse contact information and upload Get indicated SMS & MMS messages and upload Uninstall a detected legitimate banking app and replace it with a malicious, fake app Control mute and ringing settings
} ammyy update [cold | hot ] plugin name (updates) If cold (hot update) is not specified, then the specified update is loaded, the file is replaced at startup (service) and starts, at the same time,
the driver to be replaced by checking the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry entry, the driver file found in the said registry entry should have a value of 3 in the Start
updating its own configurations. Apart from information theft, FakeSpy can also check for banking-related applications installed in the device. If they match FakeSpy’s apps of interest, they are replaced
entry is {User Preference} .) Propagation This Worm creates the following folders in all removable drives: {removable drive}:\$LimeUSB -> contains original files and folders which were replaced with
sites Information Theft This spyware monitors user transactions done on the following websites: Sites with strings specified in {Malware Path}\{Malware Name}.cfg It accepts the following parameters: -path
executes a custom command Install-ServiceBinary → replaces a service binary with one that adds a local admin or executes a custom command Restore-ServiceBinary → restores a replaced service binary with the
the host file Overwriting – the host file is entirely replaced by the malicious code Cavity – the code is inserted into blank or unused space Most file infectors now do not use a single type of infection
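The four placement methods listed above, modelled as an added example (not code from the original page or the vendor). CLEAN_HOST and VIRUS_BODY are constructed stand-ins for a host executable and a known virus signature. The classifier works the way a cleaner does: given only the infected file and the signature, it decides which placement was used and tries to recover the host, and it reports an overwritten host as unrecoverable, which is why such files have to be replaced from clean backups as the two overwriting-infector results above state. Real infectors also patch headers and entry points, which this byte-level model ignores.

```python
"""Classify a file infector's code placement and attempt host restoration.

Added example, not code from the original page. CLEAN_HOST and VIRUS_BODY
are constructed.
"""
from typing import Optional, Tuple

VIRUS_BODY = b"<virus-body>"
# Constructed host: header, code, a run of zero padding (a cavity), a tail.
CLEAN_HOST = b"MZ" + b"\x90" * 16 + b"program body" + b"\x00" * 40 + b"tail"


def infect(host: bytes, method: str) -> bytes:
    """Produce an infected file using one of the four placement methods."""
    if method == "prepending":
        return VIRUS_BODY + host
    if method == "appending":
        return host + VIRUS_BODY
    if method == "overwriting":
        # Host content is destroyed; the file is just the virus plus padding.
        return VIRUS_BODY + b"\x00" * 8
    if method == "cavity":
        pos = host.find(b"\x00" * len(VIRUS_BODY))
        if pos < 0:
            raise ValueError("host has no cavity large enough")
        return host[:pos] + VIRUS_BODY + host[pos + len(VIRUS_BODY):]
    raise ValueError(method)


def classify_and_restore(infected: bytes, body: bytes = VIRUS_BODY) -> Tuple[str, Optional[bytes]]:
    """Return (infection type, restored host or None if unrecoverable)."""
    idx = infected.find(body)
    if idx < 0:
        return "clean", infected
    rest = infected[idx + len(body):]
    if idx == 0 and rest.strip(b"\x00") == b"":
        # Nothing of the host survives: it must be replaced from a clean backup.
        return "overwriting", None
    if idx == 0:
        return "prepending", rest
    if not rest:
        return "appending", infected[:idx]
    # Same-size infection inside the file: re-blank the cavity.
    return "cavity", infected[:idx] + b"\x00" * len(body) + rest


if __name__ == "__main__":
    for method in ("prepending", "appending", "overwriting", "cavity"):
        kind, restored = classify_and_restore(infect(CLEAN_HOST, method))
        print(f"{method:11s} -> {kind:11s} restored={restored == CLEAN_HOST}")
```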
HKEY_CURRENT_USER\Software\WinRAR SFX It adds the following registry entries: HKEY_CURRENT_USER\Software\WinRAR SFX {"%Application Data%\windows\" but all symbols are replaced with %} = "%Application Data%\windows
characters replaced with '_' However, as of this writing, the said sites are inaccessible. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. Trojan:Win32/Miuref.A (Microsoft
attacks. For this campaign, the attackers managed to compromise the ICS vendor site and replaced the legitimate software installers with the Trojanized version. The purpose of this is to gain access to the
creates the following event(s): {Computer Name}{Fullpath and Filename} special characters replaced with '_' Troj/VBDrop-AR (Sophos) ,Trojan-Ransom.PornoAsset (Ikarus) ,Win32.Malware!Drop (Sunbelt)