p.exe Loads Ransomware Cerber Variant 91.190.218.63 40.117.145.132 443 PCAP File Download Traffic Analysis

SHA256: 71b2f1c5642d24c7f35479399c96cc572b1f0a24d4843ed0fddbf93af12d59c3
File name: p.exe
Detection ratio: 36 / 56
Analysis date: 2016-11-27 00:03:46 UTC ( 0 minutes ago )

Antivirus               Result                                              Update
GData                   Trojan.GenericKD.3764705                            20161127
Ikarus                  Trojan.Win32.Filecoder                              20161126
Invincea                virus.win32.sality.at                               20161018
K7GW                    Trojan ( 004e16c11 )                                20161127
Kaspersky               Trojan.Win32.Inject.acgan                           20161127
Malwarebytes            Trojan.MalPack.NSIS                                 20161127
McAfee                  Artemis!81D6AF74652B                                20161127
McAfee-GW-Edition       BehavesLike.Win32.Ransom.cc                         20161126
eScan                   Trojan.GenericKD.3764705                            20161127
Microsoft               Ransom:Win32/Cerber                                 20161126
Panda                   Trj/Genetic.gen                                     20161126
Qihoo-360               HEUR/QVM20.1.6872.Malware.Gen                       20161127
Sophos                  Mal/Generic-S                                       20161127
Symantec                Trojan.Gen                                          20161127
Tencent                 Win32.Trojan.Inject.Auto                            20161127
TrendMicro-HouseCall    TROJ_GEN.R047H09KP16                                20161127
VIPRE                   Trojan.Win32.Generic!BT                             20161126
nProtect                Ransom/W32.Cerber.163103                            20161126

2016-11-26 17:43:28.144466 IP 192.168.1.102.51195 > 203.162.253.20.80: Flags [P.], seq 0:376, ack 1, win 256, length 376: HTTP: GET /p.exe HTTP/1.1
E....L@...WF...f.......P~..*%...P.......GET /p.exe HTTP/1.1 […]

Snurrepin.com Delivers doc.exe CERBER Ransomware Malware PCAP File Download Traffic Analysis

SHA256: 69e6f40fa4231edb47d52b5a19de15720b3e5fc19f68bb3060e9b6e06c307d42
File name: doc.exe
Detection ratio: 9 / 56
Analysis date: 2016-11-26 23:56:21 UTC ( 0 minutes ago )

Antivirus               Result                                              Update
CrowdStrike Falcon (ML) malicious_confidence_75% (W)                        20161024
ESET-NOD32              NSIS/Injector.KT                                    20161126
Invincea                virus.win32.sality.at                               20161018
Kaspersky               UDS:DangerousObject.Multi.Generic                   20161127
McAfee                  Artemis!4D4D6D2C7CC6                                20161127
McAfee-GW-Edition       BehavesLike.Win32.Downloader.dc                     20161126
Qihoo-360               HEUR/QVM42.0.0000.Malware.Gen                       20161127
Rising                  Malware.FakePDF@CV!1.6AC1-LyO8PTdeqgK (cloud)       20161126
Symantec                Ransom.Cerber                                       20161127

2016-11-26 17:05:51.661059 IP 192.168.1.102.50496 > 89.33.242.29.80: Flags [P.], seq 0:392, ack 1, win 256, length 392: HTTP: GET /doc.exe HTTP/1.1
E.....@....Y...fY!...@.PQf-.DC..P..."S..GET /doc.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Range: bytes=214078-
Unless-Modified-Since: Sat, 26 Nov […]

Graftor LoadMoney 185.20.186.52 Malware Trojan Clickfraud PCAP File Download Traffic Analysis

SHA256: 572b756cd5cfda893c5e32f7bdcb4e44d57e7101b507afcdee8646b3417fe6e3
File name: autorun.exe
Detection ratio: 47 / 56
Analysis date: 2016-11-26 23:22:55 UTC ( 0 minutes ago )

Antivirus               Result                                              Update
AhnLab-V3               PUP/Win32.LoadMoney.C1370399                        20161126
Antiy-AVL               Trojan[:HEUR]/Win32.AGeneric                        20161126
Arcabit                 Trojan.Graftor.D42051                               20161126
Avast                   Win32:Malware-gen                                   20161126
Avira (no cloud)        APPL/Agent.755                                      20161126
BitDefender             Gen:Variant.Graftor.270417                          20161126
CAT-QuickHeal           Trojan.Mupad                                        20161126
Comodo                  ApplicUnwnt.Win32.RuKometa.~A                       20161126
CrowdStrike Falcon (ML) malicious_confidence_68% (D)                        20161024
Cyren                   W32/Selfdel.N                                       20161127
DrWeb                   Trojan.LoadMoney.1377                               20161127
ESET-NOD32              a variant of Win32/RuKometa.E potentially unwanted  20161126
Emsisoft                Gen:Variant.Graftor.270417 (B)                      20161127
F-Prot                  W32/Selfdel.N                                       20161127
F-Secure                Gen:Variant.Graftor.270417                          20161127
Fortinet                W32/SelfDel.BTBP!tr                                 20161127
GData                   Gen:Variant.Graftor.270417

2016-11-26 17:34:54.019260 IP 192.168.1.102.51015 > 82.118.16.96.80: Flags [P.], seq 0:386, ack 1, win 256, length 386: HTTP: GET /autorun.exe […]

speedupmypc.exe Speed Up My PC PUP Adware Riskware Bundler PCAP File Download Traffic Sample

SHA256: fd399751ceb5ed4c25d690f2f10aabeb4dfad6341714029c24748df0481963f0
File name: speedupmypc.exe
Detection ratio: 15 / 56
Analysis date: 2016-11-16 04:24:21 UTC ( 0 minutes ago )

Antivirus               Result                                              Update
AVG                     PCSB.C                                              20161116
AVware                  Trojan.Win32.Generic!BT                             20161116
AegisLab                W32.Application.Uniblue!c                           20161116
DrWeb                   Program.Unwanted.1514                               20161116
ESET-NOD32              Win32/SpeedUpMyPC.A potentially unwanted            20161116
Fortinet                Riskware/SpeedUpMyPC                                20161116
GData                   Win32.Application.Uniblue.A                         20161116
Ikarus                  PUA.Uniblue                                         20161115
Invincea                virus.win32.sality.at                               20161018
K7AntiVirus             Adware ( 004bb0441 )                                20161115
K7GW                    Adware ( 004bb0441 )                                20161116
Malwarebytes            PUP.Optional.Uniblue                                20161116
McAfee-GW-Edition       BehavesLike.Win32.Obfuscated.tc                     20161116
SUPERAntiSpyware        PUP.SpeedUpMyPC/Variant                             20161116
VIPRE                   Trojan.Win32.Generic!BT                             20161116

2016-11-15 18:43:07.173960 IP 192.168.1.102.52775 > 107.20.189.243.80: Flags [P.], seq 0:342, ack 1, win 256, length 342: HTTP: GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
E..~I.@....r...fk....'.P ....R..P...v...GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, […]

microsoftsup.com POST /gate.php Trojan Malware Downloader PCAP file download traffic sample

SHA256: 55754d7bc221d58cebc24daeb3476fa2dbfdaf6ab75e9d3a30456dd5cbf589e5
File name: 2.exe
Detection ratio: 49 / 56
Analysis date: 2016-11-16 03:38:39 UTC ( 0 minutes ago )

Antivirus               Result                                              Update
ALYac                   Trojan.Generic.19684864                             20161116
AVG                     Win32/Blacked                                       20161116
AVware                  Trojan.Win32.Generic!BT                             20161116
Ad-Aware                Trojan.Generic.19684864                             20161116
AegisLab                Troj.W32.Generic!c                                  20161116
AhnLab-V3               Trojan/Win32.Generic.N2111031230                    20161116
Antiy-AVL               Trojan[:HEUR]/Win32.AGeneric                        20161116
Arcabit                 Trojan.Generic.D12C5E00                             20161116
Avast                   Win32:Adware-gen [Adw]                              20161116
Avira (no cloud)        TR/Black.Gen2                                       20161116
Baidu                   Win32.Packed.VMProtect.a                            20161115
BitDefender             Trojan.Generic.19684864                             20161116
Bkav                    HW32.Packed.509F                                    20161112
CAT-QuickHeal           TrojanPWS.Fareit                                    20161115
ClamAV                  Win.Trojan.Generic-1750                             20161116
Comodo                  UnclassifiedMalware                                 20161116
CrowdStrike Falcon (ML) malicious_confidence_100% (W)                       20161024
Cyren

2016-11-15 19:21:22.301485 IP 192.168.1.102.53489 > 59.188.68.200.80: Flags [P.], seq 0:294, ack 1, win 256, length 294: HTTP: GET /down/2.exe HTTP/1.1
E..NF.@...p....f;.D....P...}.p.sP...H"..GET […]