PUP Trojan/Adware Borderline Porn Application Downloader Pay-per-Download Malware PCAP file download

SHA256: 478f86e31c4bd8bd6ccf86696375949029d20f6736c4e01c577e99adec0c112d
File name: pingguo_21561000328.exe
Detection ratio: 44 / 57
Analysis date: 2017-01-16 06:11:12 UTC

Antivirus | Result | Update
AegisLab | W32.Application.Guagua!c | 20170114
AhnLab-V3 | PUP/Win32.Downloader.C880528 | 20170115
Antiy-AVL | Trojan/Win32.TSGeneric | 20170116
Arcabit | Adware.Generic.D1A3B8D | 20170116
Avast | Win32:Adware-gen [Adw] | 20170116
BitDefender | Adware.Generic.1719181 | 20170116
Bkav | W32.Clod07d.Trojan.ffdb | 20170114
CAT-QuickHeal | Program.Hadsruda | 20170116
ClamAV | Win.Trojan.Generic-5415795-0 | 20170116
Comodo | ApplicUnwnt.Win32.PornTool.GuaGua.A | 20170116
CrowdStrike Falcon (ML) | malicious_confidence_64% (D) | 20161024
Cyren | W32/S-94c424df!Eldorado | 20170116
DrWeb | Adware.Downware.10691 | 20170116
ESET-NOD32 | a variant of Win32/PornTool.GuaGua.A potentially unsafe | 20170116
F-Prot | W32/S-94c424df!Eldorado | 20170116
F-Secure | Adware.Generic.1719181 | 20170116
Fortinet | Riskware/PornTool_GuaGua | 20170116
GData | Adware.Generic.1719181 | 20170116
Ikarus | PUA.Agent | 20170115

Packet capture excerpt (tcpdump):
2017-01-15 23:06:09.615300 IP 192.168.1.102.62519 > 14.215.74.85.80: Flags [P.], seq 2253497686:2253497989, ack 3986861207, win 256, […]

Thunder Adware PUP PCAP File Download Traffic Analysis Sample xunlei_118827.exe

SHA256: bf1cf754ad5f5f3560047b8eeb784c72bf79a042dec4d50d033e32912a7b19b6
File name: xunlei_118827.exe
Detection ratio: 35 / 56
Analysis date: 2016-10-28 03:31:01 UTC

Antivirus | Result | Update
AVware | Trojan.Win32.Generic!BT | 20161027
Ad-Aware | Adware.Thunder.E | 20161028
AegisLab | Troj.Gen!c | 20161028
AhnLab-V3 | PUP/Win32.Helper.R188024 | 20161027
Arcabit | Adware.Thunder.E | 20161028
BitDefender | Adware.Thunder.E | 20161028
Comodo | UnclassifiedMalware | 20161028
CrowdStrike Falcon (ML) | malicious_confidence_76% (W) | 20161024
Cyren | W32/Adware.AOGL-3044 | 20161028
DrWeb | Adware.Downware.2436 | 20161028
ESET-NOD32 | a variant of Win32/RiskWare.ThunderHelper.A | 20161028
Emsisoft | Adware.Thunder.E (B) | 20161028
F-Prot | W32/Adware.ALLT | 20161028
F-Secure | Adware.Thunder.E | 20161028
Fortinet | Bfr.FJ!tr | 20161028
GData | Adware.Thunder.E | 20161028
Invincea | backdoor.win32.dunsenr.b | 20161018
K7AntiVirus | Riskware ( 0040eff71 ) | 20161025

Packet capture excerpt (tcpdump):
2016-10-27 20:13:00.327418 IP 192.168.1.102.56001 > 61.147.75.43.80: Flags [P.], seq 0:292, ack 1, win 256, length […]

Mikey PUP Trojan Adware Downloader CNC PCAP file download Traffic Sample hplaserjetm1136@151_11446.exe

SHA256: e7e729e9d23aeac5ff826c5d3389f5c1cc2982d3d43168e2f5af705709db47da
File name: hplaserjetm1136@151_11446.exe
Detection ratio: 39 / 54
Analysis date: 2016-10-28 01:48:35 UTC

Antivirus | Result | Update
AVG | Generic37.CELZ | 20161028
AVware | Trojan.Win32.Generic!BT | 20161027
Ad-Aware | Gen:Variant.Application.Mikey.34859 | 20161028
AegisLab | Adware.W32.Agent!c | 20161027
AhnLab-V3 | PUP/Win32.Installer.R185010 | 20161027
Antiy-AVL | Trojan/Win32.PackedNsisMod.o | 20161027
Arcabit | Trojan.Application.Mikey.D882B | 20161028
Avast | Win32:Malware-gen | 20161027
BitDefender | Gen:Variant.Application.Mikey.34859 | 20161028
CAT-QuickHeal | Heur.Downloader | 20161027
ClamAV | Win.Trojan.Agent-1726718 | 20161027
Comodo | Application.Win32.NSISmod.~O | 20161028
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20161024
Cyren | W32/Mikey.U.gen!Eldorado | 20161028
DrWeb | Trojan.Winlock.13291 | 20161028
ESET-NOD32 | a variant of Win32/Packed.NSISmod.O suspicious | 20161028
F-Prot | W32/Mikey.U.gen!Eldorado | 20161028
F-Secure | Gen:Variant.Application.Mikey | 20161028
Fortinet | Adware/Agent | 20161028

Packet capture excerpt (tcpdump):
2016-10-27 19:13:52.690393 IP 192.168.1.102.55661 > 61.172.246.236.80: Flags [P.], seq 0:329, ack 1, win 256, […]

FusionCore Trojan/Malware/PUP Downloader Bundled SecureStudies.com Adware PCAP file download traffic sample

SHA256: ab5da9478d76221b534e4847e6968b7977771916ce81ac2810c3917f6ce5a48c
File name: PCTuneUpWiFiHotspotCreator_IS.exe
Detection ratio: 23 / 55
Analysis date: 2016-10-28 01:34:21 UTC

Antivirus | Result | Update
AVware | Trojan.Win32.Generic!BT | 20161027
AegisLab | Script.Application.Gen!c | 20161027
AhnLab-V3 | Malware/Gen.Generic.N2102538991 | 20161027
CAT-QuickHeal | PUA.Techevolve.Gen | 20161027
ClamAV | Win.Trojan.Generic-2682 | 20161027
Comodo | Application.Win32.FusionCore.~J | 20161028
Cyren | W32/Trojan.IFZA-1289 | 20161028
DrWeb | Trojan.InstallCore.2673 | 20161028
ESET-NOD32 | a variant of Win32/FusionCore.J potentially unwanted | 20161028
Fortinet | Riskware/FusionCore | 20161028
GData | Script.Application.FusionCore.B | 20161028
Invincea | trojan.win32.dorv.b!rfn | 20161018
K7AntiVirus | Trojan ( 004fb4121 ) | 20161025
K7GW | Trojan ( 004fb4121 ) | 20161027
McAfee | Artemis!FC4E7C56C226 | 20161028
McAfee-GW-Edition | BehavesLike.Win32.Dropper.vc | 20161028
NANO-Antivirus | Trojan.Win32.InstallCore.egpdia | 20161028
Symantec | Trojan.Gen.2 | 20161028
TrendMicro | TROJ_GEN.F0CBC0UJJ16 | 20161028
TrendMicro-HouseCall | TROJ_GEN.F0CBC0UJJ16 | 20161028
VIPRE | Trojan.Win32.Generic!BT | 20161027

Packet capture excerpt (tcpdump):
2016-10-27 19:39:26.628074 IP 192.168.1.102.55768 > […]

xigua.exe Plorexie Startpage Browser Hijacker Adware Traffic Analysis PCAP file download sample

SHA256: 9e44c764a9d3681f64f2dfc0bf62454ff463313e193d70614b0d7505204f9170
File name: xigua.exe
Detection ratio: 34 / 56
Analysis date: 2016-10-26 23:29:08 UTC

Antivirus | Result | Update
ALYac | Adware.GenericKD.3388535 | 20161026
AVG | Generic_c.ERT | 20161026
AVware | Trojan.Win32.Generic!BT | 20161027
Ad-Aware | Adware.GenericKD.3388535 | 20161026
AegisLab | Adware.Generickd!c | 20161026
Antiy-AVL | Trojan/Generic.ASMalwNS.54D8 | 20161026
Arcabit | Adware.Generic.D33B477 | 20161026
Avira (no cloud) | TR/AD.Plorexie.sourk | 20161026
BitDefender | Adware.GenericKD.3388535 | 20161027
CAT-QuickHeal | Browsermodifier.Plorexie | 20161026
Cyren | W32/Plorexie.A.gen!Eldorado | 20161027
DrWeb | Trojan.Click3.22642 | 20161027
ESET-NOD32 | Win32/StartPage.OVK | 20161026

Packet capture excerpt (tcpdump):
2016-10-25 22:56:18.223887 IP 192.168.1.102.60948 > 58.215.177.195.80: Flags [P.], seq 0:295, ack 1, win 256, length 295: HTTP: GET /618171115/xigua.exe HTTP/1.1
E..Op.@….”…f:……P…h..”.P…….GET /618171115/xigua.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; […]