Graftor Malware Trojan zanab.exe POST /poon/post.php www.gongotree.com Traffic Sample PCAP file Download

SHA256: 8fd5bcadd9ae6b1875024f1d5ca24a579727905f440600631ec972712f28c3f5
File name: zanab.exe
Detection ratio: 41 / 55
Analysis date: 2017-01-24 02:48:20 UTC

Detections (vendor, result, definition date):
ALYac Gen:Variant.Graftor.318298 20170123
AVG Luhe.Packed.C 20170123
AVware Trojan.Win32.Generic!BT 20170124
Ad-Aware Gen:Variant.Graftor.318298 20170124
AegisLab W32.W.Otwycal.l6ei 20170123
AhnLab-V3 Trojan/Win32.Fsysna.C1743112 20170123
Antiy-AVL Trojan/Win32.Fsysna 20170124
Arcabit Trojan.Graftor.D4DB5A 20170124
Avast Win32:Malware-gen 20170124
Avira (no cloud) DR/Delphi.bsqgm 20170123
BitDefender Gen:Variant.Graftor.318298 20170124
CAT-QuickHeal (Suspicious) – DNAScan 20170123
Comodo TrojWare.Win32.Spy.Banker.Gen 20170124
CrowdStrike Falcon (ML) malicious_confidence_83% (W) 20161024
Cyren W32/SysVenFak.A.gen!Eldorado 20170124
DrWeb Trojan.DownLoader14.15241 20170124
ESET-NOD32 a variant of Win32/Injector.DJNW 20170124
Emsisoft Gen:Variant.Graftor.318298 (B) 20170124
F-Prot W32/SysVenFak.A.gen!Eldorado 20170124

Traffic excerpt (tcpdump output):
2017-01-23 21:08:29.692015 IP 192.168.1.102.50506 > 46.173.219.26.80: Flags [P.], seq 0:289, ack 1, […]

sub.exe totalwellbeing.com.au Cerber Ransomware Trojan Malware PCAP file download traffic sample

SHA256: 849aa2e275d84c05213f95f764331df0dd743b17b32f61174ac45946544f67eb
File name: sub.exe
Detection ratio: 16 / 55
Analysis date: 2017-01-24 02:42:52 UTC

Detections (vendor, result, definition date):
Avast Win32:Malware-gen 20170124
Avira (no cloud) TR/Crypt.Xpack.gsrsm 20170123
CrowdStrike Falcon (ML) malicious_confidence_76% (W) 20161024
DrWeb Trojan.Encoder.5994 20170124
ESET-NOD32 NSIS/Injector.SH 20170124
GData Win32.Trojan.Agent.XY7YM7 20170124
Invincea ransom.win32.critroni.b 20170111
Kaspersky Trojan-Ransom.Win32.Zerber.bghv 20170124
Malwarebytes Ransom.Cerber 20170124
McAfee Artemis!130678330541 20170124
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.fc 20170124
Rising Trojan.Injector!8.C4-pKe2N6RHzqF (cloud) 20170124
Sophos Mal/Generic-S 20170124
Symantec ML.Attribute.VeryHighConfidence [Heur.AdvML.B] 20170123

Traffic excerpt (tcpdump output):
2017-01-23 20:55:04.860000 IP 192.168.1.102.50480 > 162.214.17.204.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /wp-includes/images/wlw/sub.exe HTTP/1.1
E..b5.@…L….f…..0.P.M.`\.j\P….|..GET /wp-includes/images/wlw/sub.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us […]

Jadtre Unknown Malware Trojan Traffic Analysis PCAP file download sample mbfce24rgn65bx3g.er29sl.com

SHA256: 065fdaa90c06c60f77fcae1420b1612eb266e55bbd417f60cedd33014be30529
File name: read.php?f=0.dat
Detection ratio: 5 / 55
Analysis date: 2017-01-24 02:35:57 UTC

Detections (vendor, result, definition date):
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20170123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.RZM 20170124
Fortinet W32/Kryptik.FNGP!tr 20170124
Invincea virus.win32.jadtre.b 20170111

Traffic excerpt (tcpdump output):
2017-01-23 20:52:10.544193 IP 192.168.1.102.50465 > 54.165.109.229.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..Lj.@…(….f6.m..!.P….k   ~.P…….GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: smoeroota.top
Connection: Keep-Alive
2017-01-23 20:52:40.577524 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47) […]

DICVFL.exe Trojan Downloader Malware Traffic Analysis Sample PCAP file download

SHA256: 2933b492fec30500750c3d5f598bf99fdf976e15dbc8895393b94a91233bd7fc
File name: DICVFL.exe
Detection ratio: 25 / 55
Analysis date: 2017-01-24 02:29:56 UTC

Detections (vendor, result, definition date):
Ad-Aware Trojan.GenericKD.4218289 20170124
AegisLab Ml.Attribute.Veryhighconfidence.[Heur.Advml!c 20170123
AhnLab-V3 Trojan/Win32.Autoit.C1702709 20170123
Arcabit Trojan.Generic.D405DB1 20170124
Avast Other:Malware-gen [Trj] 20170124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9784 20170123
BitDefender Trojan.GenericKD.4218289 20170124
CMC Trojan.Win32.Generic!O 20170123
CrowdStrike Falcon (ML) malicious_confidence_75% (W) 20161024
DrWeb Trojan.DownLoader23.48840 20170124
Emsisoft Trojan.GenericKD.4218289 (B) 20170124
F-Secure Trojan.GenericKD.4218289 20170124
GData Trojan.GenericKD.4218289 20170124
Ikarus Trojan.Inject 20170123
Invincea worm.win32.moarider.a 20170111
K7AntiVirus Trojan ( 004b8bad1 ) 20170123
K7GW Trojan ( 004b8bad1 ) 20170124
Kaspersky Trojan-PSW.Win32.Autoit.et 20170124
Malwarebytes Backdoor.Bot 20170124
eScan Trojan.GenericKD.4218289 20170124

Traffic excerpt (tcpdump output):
2017-01-23 20:49:50.377649 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [P.], seq […]

Symmi Slingup Dapato Malware Trojan Traffic Analysis PCAP file download sample

SHA256: 965756c5a1d67fca84a92b49fa346627a72327ebee621fd4f81f3296ddc39c74
File name: beta.exe
Detection ratio: 43 / 55
Analysis date: 2017-01-24 02:26:16 UTC

Detections (vendor, result, definition date):
AVware Trojan.Win32.Generic!BT 20170124
Ad-Aware Gen:Variant.Symmi.69617 20170124
AegisLab W32.W.Otwycal.l6ei 20170123
AhnLab-V3 Trojan/Win32.Fareit.R193567 20170123
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20170124
Arcabit Trojan.Symmi.D10FF1 20170124
Avast Win32:Malware-gen 20170124
Avira (no cloud) BDS/Slingup.aptxz 20170123
BitDefender Gen:Variant.Symmi.69617 20170124
CAT-QuickHeal Backdoor.Slingup 20170123
Comodo TrojWare.Win32.UMal.zhzcf 20170124
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20161024
DrWeb Trojan.DownLoader14.15241 20170124
ESET-NOD32 a variant of Win32/Injector.DJPB 20170124
Emsisoft Gen:Variant.Symmi.69617 (B) 20170124
F-Secure Gen:Variant.Symmi.69617 20170124
Fortinet W32/Injector.DJPB!tr 20170124

Traffic excerpt (tcpdump output):
2017-01-23 21:10:34.244238 IP 192.168.1.102.50519 > 46.173.219.26.80: Flags [P.], seq 0:288, ack 1, win 259, length 288: HTTP: GET /utu/beta.exe HTTP/1.1 […]