Total Analyses: 680334

Shared Malware: 67%

Unique Domains: 267552

Recent Analyses


Recent Domains


Public Tags

crypter ipkiller athena_http athena_irc kelihos Neurevt betabot pony phorpiex citadel gameover_zeus downloader karagny blackshades aryan_ircbot Boleto Jdjdjd smoke VI virus Fareit andromeda (2.6) Zeus_P2P darkcomet umbraloader andromeda(2.7) bitcoin PWS:Win32/Fareit.gen!C #betabot 1.3.4.5 0day exploit ring 0 CVE-2012-4792 CFR blackrev andromeda DOITYOUR netravler APT keyboy ipkiller2 Autoit Injector Sirefef Ransom Urausy ponyb xtreme_rat yoyoddos esupport.com gamarue Phishing Attachment Phishing Win32/Extats Spammer Win32/Nedsym.G DarkSouthKorea2 fakeav, rougeav fakeav Opera Software Breach bayrob kozy, trojan kozy Seinup rogueware notkazy iceix tor C:\WINDOWS\Flash\taskkill.exe Malicious Really? antivm ZeroAccess Ransomware ubnt.com Symmi Malware - Downloader zbot zeus Simda password stealer,minecraft #Alureon #ZeroAccess miner .NET Rogue Anti Virus! YoutubeMalvert $$_system32_21f9a9c4a2f8b514.cdf-ms FinSpy FinFisher Setup.exe irc Zaccess Frutas Dmitry Rassohin mario.php .ru hidden folders bitcoin miner Keylogger dnscalc MoneyPak FBI Zbot, BlackHole2 Adware KBM2 Verti Technology Group RocketFuel SaveValet AddLyrics NSIS JS Blacole kaspersky support_tool VBS PHP PCAP email Java CVE-2011-3544 CVE-2010-0840 DefaultTab Search Results KBM WebCake Hardware Paravirtualization VB Banker jRat RAT ares.http.botnet rxBot Nettraveler shylock dirtjumper_drive Caphaw infinity bot Medfos solar spam upatre ngrbot ZHELATIN Vertexnet cgrinder madness Athena HTTP Crilock CryptoLocker dirtjumper_drive2 Expiro Asprox Kuluoz VoiceMessage 10-23-13 Zeus Zbot fareit spynet VBS worm hesperbot ~$normal.dotm srmrt kz necurs Skype chapetti 2013-3918 PM4_MSN Lethic solarbot fastflux Treizt ZeroAccess Athena Yeteneksizsiniz Facebook Yetenek Sizsiniz, Facebook Yeteneksizsiniz litecoin zeroaccess, p2p zeroaccess p2p #yeteneksizsiniz Atrax neutrino darkddoser mptools linux_ddos linux ddos bot plasmaHTTP plasma_http #Asprox yamato samsung galaxy ace pvp.player cutwail khelios Cryptolocker Related 
asprox-related-but-maybe-not-initial-kuluoz GameOver Zeus Zeus, GameOver volatility silentbanker Qakbot Java Explots ferret zeus-p2p Cridex Java/CVE-2013-0422 Exploit Java/CVE-2011-3544 Exploit Java Exploits Alina spyeye Adpeak dexter pos backoored, cobalt, strike target FrontRange Solutions Agent umbra todo CVE-2006-2389 sdbot https://fuckav.ru/showthread.php?p=93825#post93825 #malware crypt service WalmartForm Advantage Trojan Gatak Worm suppobox Credential Steal Malware from russia Trojan Dorkbot malware asprox, kuluoz facebook malware malicious facebook extension browser malware report.creditcard report.exe Asprox stage2 Chewbacca Sneakernet Trojan Zeus GameOver UPX Mono/.Net .cpl Packed Evil PDF Java Exploit Jolly Roger Unconventional BinaryLangID .docm Pony Downloader may_be_not dropper not_Asprox 4chan cryptocurrency trojan Mcafee Files winlogionfire.exe court statement ID147-08.zip ltc miner cve-2012-4202 SGH CVE-2010-3333 CVE-2014-0496 CVE-2012-0158 #fatmal #fatura #zararli #subat2014 #fatmal Rebhip worm andormeda malwr_flo_vall ltc minner Windows Internet Explorer sifreli clickbot clickfraud extension installer Jolly Roger Stealer asprox-adfraud CITADEL 1.3.5.1 Dipverdle Valter SNS not-asprox 4shared bau_bhr facebook admin CVE-2014-0322 dirtjumper sykipot INC 800871 plugx index.html?e=sck zeus,iceix, zeus,iceix CVE-2014-1761 tracur dll Uroburos php,php shell shell stuxnet !Testen RTF-Dokument RTF:CVE-2010-3333 Ole:CVE-2012-0158 luud poko CyberGate Winlock DARKHAT RAT 1.0.3 Trojon IIS ISAPI CVE-2007-5659 CVE-2010-0188 CVE-2009-0927 CVE-2008-2992 hacktools Pdf:CVE-2014-0496 CVE-2013-3346 CVE-2013-2729 unwanted syrianmalware xtremerat ruskill careto mandiant apt1 chinese regedit ftp winpcap icmp http firewall russian autorun forensic smtp mouse Androemda Somoto Skywiper EraseMBR Palevo Conficker/Stuxnet Conficker/Duqu MandiantAPT1 hunter2 UNRECOM CVE-2010-2883 CVE-2014-1776 Chinese APT Internet Explorer JavaScript Trojan, Dirt Jumper version 5 fake av Zbot 
variant Zeus P2P BetterSurf hunter2 spam dropper malware test Rotbrow predator.txt sql injection InstallCore CVE-2014-0493 powershell outbrowse BitcoinMining ssologin.js spindest fax word ntdll.dll Windows 7 webplayer Mine AutoIt-GEN-RAT kippo honeypot MiniDuke Windows XP gif sso.jss POSHCODER fake_bill Soraya Telekom c2 backend Zeus GameOver Etumbot Flush flush IptabLes IptabLex CyrptoWall hubzu-app.min.js gif89 php zip Pandemiya fake flash chokas RTF OLE Steals Personal Info #CVE-2013-2729 Andromeda2.9 Andromeda 2.9 fake flash player zeusVM Havex hello suspicious ML - Referida WEKBY #SampleStinch Banking Trojan CosmicDuke (MiniDuke2) Gauss Duqu Duqu-Keylogger Miniduke Nemesis Gemina Miniduke,Nemesis,Gemina Nemesis Gemina smokeloader #dofoil-smokeloader-work_work_module #dofoil-smokeloader-work-module cryptowall kevin FLARE-ON C6 e php BrutPOS Pitty Tiger Campaign Troj/ReRol.A PittyTiger RAT Coin Stealer timba banker plimrost darkomet,apt darkomet bulshit ;) asprox-secondary-module Strategic Web Compromise dyreza Pushdo magnitude Sazoora.B Dyre dgameover Flashpack <A> Baill malware_tg sasser emotet banking spyware lllll IRC.Bot Havex_Fertger SOGU XSLCmd BACKOFF BlackPOS Korplug 14e8a9e1f213e241604fb09236d49b65 #hk my new photo SolarBot v1.1 Napolar Shockwave Exploit, Trojan Swfti Smoke Loader Dofoil Neverquest Viper Asprox_module spotflux DGAmeover Zeus 20141009_N 10/10/2014 zemot cryptowall-2.0 mkrul APT, Fexel Fexel vawtrak rerdom tordal hancitor Dyre_spam PDF/Exploit.CVE-2013-2729 CVE-2014-4114 OrcaRAT 1.doc Kaiten PUP Elknot Apple storm Bagle,storm Bagle sality alman waledac Carberp spybot dorkbot rogue antivirus dridex kegotip UFR Usteal Paycrypt MS Sysinternals Streuner vbs, visual basic script visual basic script acceso directo usb virus Useless "Virus" steam peexe assembly apt18 Operation Poisoned Handover @PhysicalDrive0 torrentlocker Vulncheck poweliks Clod Yakes tofsee cryptorbit neelabh rai gvim editor Trojan Krazy Trojan Malware Russian Origin Trojan 
Downloader Codex. goehringd Steam Stealer Downloaders Recieved by e-mail on 17.11.2014. hack SteamStealer matsnu Linux ELF DDOS Malware regin hc_spam crypto ransomware cryptolocker cycbot ransowmare cryptolocker Malware _dropper Dyzap dasd Sony GOP Hack Malware Sony hack trojan banker bladabindi hacktool inunx server Carta certificada malware emotet malware bladabindi tuscas Zeus P2P (Banking Trojan) Navigation Copyright (C) 2013 SIGNED FILES Trojan.Win32.Destover.d Trojan.Win32.Destover.a hacktool Exploit.RTF.CVE-2010-3333 (v) Exploit.RTF.CVE-2012-0158 (v) Exploit.RTF.CVE-2012-0158 (v) coinminer brother printer driver installation crypter application (riskware) linuz agent trojan macro adware besttoolbar BAT/TrojanDownloader.Agent.NGU trojan #malware #Dyreza asprox kuluoz VBS KRYPTIC spatet malware pua malware spatet andromeda / Win32/TrojanDownloader.Wauchos.A malware worm PUP.Optional.OneClickDownloader.A proxy changer malware trustezeb malware (cryptolocker) Win32.Wipall.A WIPER DESTOVER lswebbroker.exe toolbar perion MacDefender MacProtector adroid malware adware ibrite Tinba phase hancitor, hancitor.b fleercivet bolware banatrix Chanitor TorrentLocker RansomWare lockhunter joke_sample Braviax Anti-Debugging Kovter Subject: Signature Invoice torlocker MACRO MALWARE fgh cve-2014-6332 cc.php upatre downloader Banking Malware SteamTrade roxio retriver roxio retrieve Malware antiVM removed removed antiVM FileLock SoftonicDownloader, Softonic Softonic SoftonicDownloader powerliks SteamRipper hupigon XOR.DDOS Linux Malware Minecraft 1 2 sdfsdf df s sdfsdf df s d sdf sdfsdf df s d sdfsdf df s d sdf d sdfsdf df s d sdf ds BackDoorMSFC deathbycaptcha antigate FinFisher Dropper CBT-Locker CTB-Locker zegost tagtag TurlaCarbon Cobra Turla Worm Almanahe Worm (Rootkit) Sality cryptowall-3.0 browser-hijacker SpeedBit VideoAccelerator thanks Trojan.Anaki malware from spam mail Voice#7909661.zip no-replay@voice_global.co.uk Subject: Voice Message voice.exe ragebot botnet 
VirLock malware reveton INFOADMIN herpesnet Kronos 55555555555555 crucial.com - Rootkit NetWire CTBLOCKER DOWNLOADER CTB LOCKER T CRYPTOWALL 3.0 scr mail mediyes-Rootkit fynloski-RAT account_report0209.zip planeris.exe account_report0209.scr cloudflare_bypass Hmei7 steam_malware CTBLOCKER broban dos av Private Pri Uroburos 2013 32-Bit Dropper Uroburos 2006 32-Bit Dropper Uroburos 2010 32-Bit Dropper ComRAT TurlaCarbon.A COMpfun recslurp Torrent Locker RIPEMD RIPEMD-160 crack OnionDuke jone SignDetect.exe SignDetect CTB LOCKER DOWNLOADER USBFIX Geodo FileCoder cxcds ASDF njrat from contaigo adobe9 facebook virus gadis mabuk itpiz #LogPOS Steam Virus #PwnPOS Word 2003 XML firefox Self Deleting Dyre, Dyreza Babar EvilBunny Babar Dropper Casper Dropper Casper x86 Executable Payload Visualizar_Processo_MPF_000874732666213.cpl dll from torrent locker Brazil Malware Comprovante Fatura Exe Brazil Malware 3L1Q3r7o8n3F exe Malware Comprovante Fatura Exe Trojan Heur RP vm detection malware fake ccleaner onkods trapwot TORRENTLOCKER TURKEY prvnap bunitu redyms redirector MALWARE TROJAN BANKER Server.exe vmdetect Equation-Group EquationDrug W97M.Dropper.C Andromeda/Gamarue BadJoke TROJ_GEN.R047H01H813 troyan downloader W32/WinWrapper.Adware honeynet Mebromi BIOS rootkit jjj fortest<()='"> INV3487 Honeynet project forensic challenge 14 Banking Trojan Vawtrak Slave DHL Malware Iran Rosena phishing,denial_of_service denial of service Laziok sufod bot vote scam trade Downloader, macros Graftor Upatre / Hupigon TORRENLOCKER Bebloh badpdf may be okay teslacrypt Win32/Detplock Equation_FannyWorm Emotet_Version_2 Emotet_Version_3 RIG BleedingLife2 Invoice rasomware cryptoloker NYF ICMP/NX Sober HAVEX 64-bit inbudiana.com HVL-Rat cnc INV3572 dhl C Swift Credit Card-SPAM swift-cut.co.uk-Sample swift-Sample swift-spam-Sample Fiesta sulit woo Unknown Malware ruckguv CozyDuke chakravyuh Phasebot Definitely Something Here CTB encoder W97M/Downloader Teslalocker Cryptolocker new version 2015 
Teslalocker Ramspmware Tor 2015 Teslalocker Ramsomware Tor 2015 no-malware MediaGet gh0st tesl Microsoft Word Intruder rms, rat, remote manipulator system pdf attachment Macromalware MHT Geodo_zip trojan.droper1 Cryptolocker-alphacrypt Geodo_pdf BotNet IRC - Palevo Family Kazy Backdoor Trojan trojan2 agent-anaq Rombertik CryptoLocker_BreakingBad2015 BreakingBad2015 cryptolocker varient correos ransomware correos, ransomware Worm:Win32/Goldrv.A Crypt0L0cker Cryptolocker2015MayBREAKINGBAD1BITCOINNEW.exe Bitcoin_1_BTC_SERVER_ACTIVATION Ransomware Breaking Bad 2015 Cryptolocker Rovnix.D Bifrost LostDoor Putty-info-St alphacrypt Breaking Bad Shizzle Infostealer Trojan.Gamarue FakeAntiVirus Advanced SystemCare cryptowall tesla Rovnix CDBurnerXP no OpenCandy Malware CDBurnerXP with OpenCandy Malware Breaking Bad ransomware Skatteverket Peter Winter HawkEye Keylogger herdprotect portable EMET 5.2 User Guide.pdf CipherQ rovnix-reactor marmoolak emilio di donato RAT-Intresting Rolog Worm dridex (invader) PUM Evoltin APT Winnti Lmaobox #Solar DUQU 2.0 csrss Duqu2 Rootkit #Dyre H-worm Browser Hijacker #Zeus Sofacy (APT28) - Downloader boulot MultiPlug Worm.Obfuscated CTP_LOCKER NitlovePOS spybanker downloader BAT cryptlocker pa CT_LOCKER CTB_LOCKER #ZeusVM #KINS #ZeusVM scipt kidi virus nohand pony-2.0 VeRoS_Dz #Gorynych drop pony and cryptowall QQPass Trojan-PSW.Win32.QQPass Trojan-PSW 盗号木马 Qqthief 勒索 敲竹杠 QQ粘虫 beebone SPYBANKER DOWNLOADER AND SPYBANKER DROPPED no-ip سشقب DINO Malware d3d9 contains REMOTE connection commands in strings Twux packer, themida themida packer HackingTeam HackingTeam-APT CVE-2015-5119 Flash Exploit save on Stealer-D Angler EK, Flash Exploit Angler EK BD2015_AUTRE Garry cox #Xylibox #CYBERCRiME WHQ #Goodware #Legit #Harmless PWS:HTML/Phish.GC Mal/Phish-A INV4034 уппа Sednit, которая также извес Ginas doc resume.doc mydoom CVE-2015-5123 HAMMERTOSS Game mal4-exec1 Rodecap Bunitu-Trojan Minidionis #H1N1 #H1N1 LDR sag festi Spearphishing cryptor Bad-BIOS 
Poison-Ivy-New шифровальщик Angel Beats VoodooHTTP skidware DiamonFox/Gorynych H1N1 UEFI Malicious File AlienSpy HFC Hash File Checker Creased installer StageFright 200 euro p2c, don't use this lol nvm its a 39 euro p2c oops turkojan torrentino malwr . com/analysis/NThlZjdmMzIzZDM2NDczNGFmZTIwZ Tesla crypt 2.0 teronezpz Stealer cryptowall30-exe telecom tim urlzone MD5 collision Csgolounge shareimg.pics prntscreen.pics SenseI fakeBSOD cryptowall30-doc Mac cw3-Feb not_PlugX Gootkit cw3-Mar cw3-Apr cw3-May cw3-Jun cw3-Jul cw3-Aug netwire RAT my first tag :) teslacrypt 2 legitimate Turla-Droper Slenfbot NewPoSThings SKID USE NETSUPPORT AS RAT cw3-Sep MultiHack.exe Pandora Safe VBE MALWARE maphack Prime World MapHack, Prime World, Nival BillGates AESDDoS XORDDoS TinySH IRCDDOS ShiFu obsolete malware Dridex_doc Briba mare neutrinobot energy-scam cw3-Oct perl reverse shell pantstealer.A cuniform.GEN:Z pantstealer.A, cuniform.GEN:Z cw3-Nov cryptowall40? cryptowall-4 Screensaver csgo scam test 1 test2 Downloader.Sapaviro Ramnit Trojan PSAS 5 cryptowall40-js cryptowall40-doc pax Excel phishing spear-phishing spear-phishing FAKE AV DROP ALL SHIT Bookworm Goodware Linux ransomware [Trojan.Win32.Crypt.cxd] jse File Name: XrqdCtbv.exe 301 darkcommet UofC phishing attempt #cryptdieyou orcamento Derkziel Office Builder v5 Fake corebot nymaim OZONE bob SEO Optimized PDF Modpos Modpos Malware Chimera weekend virus, maybe, crypter коммерческое_предложение Teslacrypt with extention vvv dUP cw3-Dec doc, macro Fun malwr botnet loader Malicious Spam WhatsApp <info@funerariasantamarina.es> Un telegrama oral breve se ha cobrado ctjb Dylan Moruga ks amk dennisvdm YTD Airy radamant cw3-Jan zanglerss Killdisk BlackEnergy Ransom32 BlackEnergy-XLS-Dropper Microsoft Excel MS-OGRAPH code execution (MS11-072 SanDisk UltraFit USB 3.0 errorz PP Delivered Vendor Submit Bartallex Trojan-Downloader GamesFlight Flight.exe HSBC Morphing dangerous penetrator MIME junk mayhem Adwind IOC mạnh dorifel 
Houdini (iniduoh) Houdini moker mokes Ransomware voorbeeld via vba NirSoft DLL Export Viewer false positive Trojan/Downloader Malspam Tesla Crypt Dameware Dameware keygen Locky Dridex_js Tyupkin Green Dispenser Malware 1 Malware vol info nav zeus,zbot mp3 teslacrypt cryptowall issahar Analysis By Learnerskp Crytomalware Analysis By Learnerskp Cryto Ransomware mp3 extension OSX-malware-HackingTeam locky ransomware drops TeslaCrypt Emdivi int@inc.draw Awss2016 OnlineDraw awss2016onlinedraw@embarqmail.com OSX-Transmission Ransomware A200K was here angler ramsoware angler ramsoware unk eda2 Crypto Locker Suprise RansomWare surprise Saddlebrook printer Driver HessenPC1 20160315 email attachment Maldoc hiddentear တာရာ cryptowall4096 Phishing - E-Mail/Password PHP_phishing Nemucod FSG TeslaCrypt, Ransomware, Win32, Malware ursnif.hp maktub Maktub Locker unpacked Locky-downloader Ransom.Locky gdoor rokku Cake/Rooster cryptohasyou patched Petya Booyah PowerWare USB Stealer TreasureHunt TreasureHunter sam mireware ZeusBot ty-agent-installer kimcilware jobcrypter encryptor_raas tcp 5000 synology upnp ocx Kasidet samas decrypter shade files100005@gmail.com a4yhexpmth2ldj3v.onion simple word document Win32.Cridex cryptohost Linux.DDOS.Flood.L database outlook jigsaw Dridex dropper teslacrypt4 qws jar Gozi Zusy Krypt RemoteAdmin test-jar test-xls test-exe test-zip test-doc test-swf test-vbs test-jpg Dridex120 test-known-exe jigsaw2.0 MULTIGRAIN POS Malware uWarrior Exploit.CVE-2015-1770 Exploit.CVE-2012-1856 CryptXXX Dee415 clean MBRLock keybase mobef activedocument order-ae-gz zbot_1 Shell r57 Html Clean #locky Phishing Steam Shell b374k Ohagi Word-based Malware Locky, Ransomware, Pre-infection File bankslip TravNet Bloomberg Finance L.P. 
Dalexis Imminent Monitor RAT PYSSHH4 brlock crysis 8lock8 H.worm cryptohitman magic HTTP request lum snslocker 7ev3n 7ev3n-HONE$T seginchile @PD0 sanction Coverton malmacrofromemail DMA Locker vipasana #vaklik more zyklon VBA.Trojan.Downloader.Locky Filecoder.Locky x0rb0t (trojan) CerBer Ransomware Cerber Decryptor v. 1.0 Keygen Incident6-2 Malicious training adsoft_installer installcube zcrypt RAA #ramnsomware #jimbo #ransomware #DEDCryptor CHM #ransomware #jimbo It's a new malware Detected by Kaspbersky as Trojan.MSWord.Agent.ea Trojan.MSWord.Agent.ea Trojan.MSWord.Agent Parite Trojan downloader Trojan/MSWord.Agent.ea VBA:Downloader-CGH [Trj] W2000M/Agent.225018 VBA.Trojan-Downloader.Agent.alu O97M.Downloader.DX PP97M/Downloader VBA/TrojanDownloader.Agent.BHS New or modified PP97M/Downloader WM/Agent.BHS!tr.dldr Macro.Trojan-Downloader.Donoff.AS W97M/Downloader.bfp TrojanDownloader:O97M/Donoff rar_sfx Satana NOTEPAD suckmydick Cerber ramsomware Kryptik Curt->Luke Phish Locky, Zepto, Ransomware Zepto bfsvc.exe backdoor funny payload visual effects spreder Cerber, Ransomware Patchwork, The Dropping Elephant Patchwork The Dropping Elephant skimming gr0wlit Avalon flash ConfuserEx DotNET_Reactor DotNET_PhoenixProtector DotNET_VisualBasic_Malware DotNET_SmartAssembly RunPE PERun DotNET_Crypto_Obfuscator Locky downloader Putty2, CTF CTF Putty2 interpark CrypMIC EnigmaProtector DarkFire Gozi.EQ Trojan.MSIL Tyupkin mbr cobaltstrike Operation Manul microsoft 2016 microsoft office pro 2016 RandomsomWare HMN flash, CVE-2016-1019 PUP.InstallMonstr VMProtect hitler Linux.Lady ZProtect PE_NIMDA.B (UNPACKED) PE_NIMDA.B (UNPACKED - REBUILT) Dropped Files Zepto, Locky Alpha Ransomware petya ransomware majinta Course PPT Document Properties Grzegorz jackowiak Barclays Network PayLoad Content Static Analysis Hilfe, Trojaner, Darkkomet? 
Mutabaha In Dell Command Monitor Program Files-omsa - ini ProgramData Folder winword.dat VeraCrypt cryptography TrueCrypt JOKAR Android-Trojan apk apk,bankun HijackBank IP address medusa irc bot Quasar Quasar Client Mokes.A python banned-lQuftg9dHle9 Variant.Razy W32/Bayrob Chrome GRA8E1~1.DLL BehaviorAnalysis Google Installs at Startup VirusTotal Lock Steal Info Microsoft Steals info Groove Registry Keys W64/Rootkit_TojanDownloader.Necurs detoxcrypto Windows Hotkey Explorer Trojan.Downloader.CryptoLocker.Ransomware Trojan.CryptoLocker.Ransomware Trojan.Emotet Trojan.CryptoLocker.Ransomware.Cerber Trojan.VB.Inject.Kryptik Trojan.NetLogger Trojan.Zerber.Ransomware Trojan.VB.Krypt #Trojan.Downloader.CryptoLocker.Ransomware AVG Win32/Sality Removal Tool mischa Win32/Riskware.RemoteAdmin.Ammyy HTTP Requests Corrupted Mutex Help What is it? DarkComet? Komplex.A B0k9 Flareon3 txt document txt winlocker Winlcoker winlocker builder vidhi Adobe-Strings Automation Servers-MSWord MS Office Add-Ins IP Addresses Steals Info from Local Browser Adobe University Collects Fingerprint Info IP Listed w/ Trojans on VirusTotal Strings SharePoint BlueTooth Analysis Failed Disable Password Authentication-Strings Schemas-Strings Hidden and Dangerous-Strings Mirai Streams Adobe Capture Parent-Child Object Device IO Control VMDetect-Anti-Virtualization Normal.dotm R Drive-Writing Center PIPE/lsarpc Smart Tags File Block Blackboard Microsoft Schemas Delete Command Adobe-FeatureLockdown Adobe-ControlSet Adobe-AVPrivate Adobe-Collab Adobe-Access Hotfix Object Streams Parent RDF User Participation Report Signatures NtCreateMutant Control NIS C:\notexist.htm Object RunMRU HKEY_CLASSES_ROOT\gopher mailto\shell\open\command \FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Network Connections Spoof Block GlobalLock BagsMRU Bags Keven Unicode payload log file detected Setup-Systems Management Saddokuh Shadow Backing Story locky dll .odin GodzillaLoader Medusa isnt 500kB lol activator 
Trojan-GoDaddyCertificate Download PCAP-Network Analysis Commands Managed Changes Default Settings Synchronize Dummy Locky dropper HangulHanjaConv Dell GMbot ELF DOOM 2016 FITGIRL REPACK DOOM (2016) FitGirl TrickBot Security Certificates wsf MIME_KILLBIT AssHats Shade Ransomware MetroHTTP Restore v3 d:\w7rtm\ds\security\protocols\credssp\lsa\credapi Impersonate C: Drive-RasLab FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING BeginTransaction id Groove-Old Data BamlAttributeInfoRecord Unknown Markup Ext Build Tasks DLL Ignorable bubbling event Routed Event Triggers Binding FEATURE_BUFFERBREAKING INTERNETWRITEFILE /r:System.-DLLs DealersChoice.B Building Blocks customXml/itemProps3.xmlPK Messenger cmd Alzaeem Hex-Crypter V1.exe Mutex-Global Mutex-Lock Secondary Author Rujukan Angka Bibliography Styles Secondary Open/Close Output HTML Roaming Netscape Navigator Custom XML Props www.IEC.ch Office Test Microsoft Themes VirusTotal Report Decode Object ShellCode DLL Add-Ins PowerPoint\DisabledCmdBarItemsCheckBoxes KYIMEShareCachedData.MutexObject.User Groove.Mutex.SystemServices.Lock PlugIns Favorites Links Shell.CMruPidlList Adobe Flash Remote Administration Tool - NanoCore SoftWare - Remote Administrator Tool (quasar) Fallout Bethesda Windows 10 pillorydowncommercials.co.uk Malware - AutoIt setup Remote Administration Tool Bug-Strings Illegal - Strings Camera-Lens-Focus-Strings Mask FROM DHCP-SERVER WolfVision Common Policy-Security Certificate NetLock-Budapest Default Apps MACOSX-strings Windows-RasLab Global\AcrobatViewerIsRunning YouTube.crx GMail.crx Behavior-Runs Internet Explorer Global\Groove.Mutex.SystemServices.GlobalLock MSCTF.Shared.MUTEX.MOH errIllegalConstructor = 'Illegal constructor' Windows Update Not Trusted #vundo #malware #vundo vundo Creates Alternate Data Stream-Signatures Angelo State-QDrive 11112 Facebook massange trojan Destroy UuidCreate Strings-External Functions Temp-Windows Strings-W. T. Ever-loving. F. 
Anti-Virtualization - file detail Python DLLs Collab Workflows Paper Cut Failed to Repair Chrome PowerPoint.PIP Special Paths Messages OPWBypassMigration XDocs_XMLEditVerbHandler adhoc.rcd CMMGR32.EXE CChat.exe depends.exe ISignup.exe Bill DOC PowerDuke tw.yahoo.com PrincessLocker Dharma fake mail ATO RasLabBUS Angelo in Strings Feature Lockdown PS Country IP Address designation Creates Modified Copy of Itself-Signatures Possible Ransomware zohiradda.hopto.org:5552 koko1990.ddns.net:1177 NJRAT meuhost12345.freedynamicdns.org:1177 NJRAT NJRAT sder1391.hopto.org:1177 divilo.ddns.net:1177 NJRAT Stealer Predator Logger email:coolmlggggg@mail.com domain:deceptiveenginee email:coolmlggggg@mail.com deceptiveengineering.com Contacts http://serviceman33.ru/ http://serviceman33.ru/Files.aspx Drops Stealer NJRAT staypositive.ddns.net:5552 Paper Capture Plugin Splash Trojan-Adobe Security Certificate Shitty Crypter ClassLibary1 Non Obfuscated DLL payload encrypted with RC4 e:\project rat\new\WindowsFormsApplication3\ClassL gonsine.ddns.net:5552 hussam711test.ddns.net:5552 hcsc60.ddns.net:5553 NJRA NJrat : 41.111.41.185 : 5552 ayylmao.sexxxy.biz NJrat:abbas1996.myftp.biz:1177 - 141.255.152.111 NJrat: mohamed1369.hopto.org : 5553 NJrat : djab55.myftp.org : 1177 GIMP 2 Ghostscript Embedded PE32 file MySpell Enchant Ordering Arkhangel'skaya oblast - Strings Font Map Shared Python MIME WTF!!!-Dropped Files Python Hotshot WTF-Strings Built-In Objects Dropped Python File Hidden Dummy Layouts CMI-CreateHive PrivDiscUiShown Default User AcroDistX requestedExecutionLevel level='asInvoker' Translation IP tested on VT-warning Embedded Non-Windows Executable-win32 API function Makefile Pepflashplayer.dll JET-Strings Temp File-Local Unsigned www.w3.org/2000/09/xmldsig#sha1 PermissionSet Unrestricted="true" ID="Custom" Same DroppedFiles-PCAP www.w3.org Foreign IP Address TDrive Saudi Arabia IP Adobe PDF-Exported/Extracted Info PE Imphash System Shared Computer Lab Solutions-TDrive-ASU 
HeartBeat Compressed Executable-UPX Spraycan WyseOverride JuicePress Connected to Pegasus! VirusTotal-Malicious File Osiris Goldeneye

Last Comments

Not malware.
Malware
Malware
File located on SharePoint 2013 server running Server 2012R2 at this location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\INIT.JS. File appeared in IE temp directory of end user machines. Trend Micro alerted & quarantined this file on end user machines on virus definitions version 12.941.00. This quarantine caused functionality issues with corporate SharePoint site. Trend Micro recommended the virus definition files be reverted to the previous day's virus definitions.
Malware spam: "Shipping status changed for your parcel # 1996466" / ups@ups-service.com http://blog.dynamoo.com/2016/12/malware-spam-shipping-status-changed.html #Hancitor #Pony #Vawtrak