
jewel-quest-iiSetup.exe Adware PUP Malware PCAP file download analysis

Download Attachments

  • jewelquest (pcap), tagged Malware, PUP, Adware
    Date added: September 27, 2016 12:54 am; added by: admin; file size: 1 MB; downloads: 116

2016-09-26 20:10:17.674122 IP 192.168.1.102.58009 > 54.175.220.46.80: Flags [P.], seq 0:351, ack 1, win 256, length 351: HTTP: GET /games/v2/1733781543247264245/6899126784130858863/13/0/jewel-quest-iiSetup.exe HTTP/1.1
GET /games/v2/1733781543247264245/6899126784130858863/13/0/jewel-quest-iiSetup.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: dl.iwin.com
Connection: Keep-Alive

2016-09-26 20:10:27.800342 IP 192.168.1.102.58012 > 54.175.220.46.80: Flags [P.], seq 0:115, ack 1, win 256, length 115: HTTP: GET /games/GamesManagerInstaller.exe HTTP/1.0
GET /games/GamesManagerInstaller.exe HTTP/1.0
Host: dl.iwin.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*

2016-09-26 20:10:28.003154 IP 192.168.1.102.58012 > 54.175.220.46.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:2921}], length 0
2016-09-26 20:10:28.003392 IP 192.168.1.102.58012 > 54.175.220.46.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:4381}], length 0

2016-09-26 20:11:01.036675 IP 192.168.1.102.58013 > 93.184.216.54.80: Flags [.], ack 2497355276, win 256, length 0
2016-09-26 20:11:01.037289 IP 192.168.1.102.58013 > 93.184.216.54.80: Flags [P.], seq 0:215, ack 1, win 256, length 215: HTTP: GET /gm/2.13.5.801/00000000.dat HTTP/1.1
GET /gm/2.13.5.801/00000000.dat HTTP/1.1
User-Agent: NextDM/2.13.5.801  AppleWebKit/535.19 (KHTML, like Gecko) GamesManager/2.13.5.801 00000000 WinVer/5.1 [x86]
Host: static.iwincdn.com
Connection: Keep-Alive

2016-09-26 20:11:47.647355 IP 192.168.1.102.58035 > 52.1.103.205.80: Flags [P.], seq 0:116, ack 1, win 256, length 116: HTTP: GET /dl/preinstall-options.exe HTTP/1.1
GET /dl/preinstall-options.exe HTTP/1.1
User-Agent: NextDM/installer
Host: gm.iwin.com
Connection: Keep-Alive

2016-09-26 20:11:47.850258 IP 192.168.1.102.58035 > 52.1.103.205.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:2921}], length 0
2016-09-26 20:11:47.850465 IP 192.168.1.102.58035 > 52.1.103.205.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:4345}], length 0

2016-09-26 20:11:48.501951 IP 192.168.1.102.58036 > 52.6.77.26.80: Flags [.], ack 2921222657, win 256, length 0
2016-09-26 20:11:48.507855 IP 192.168.1.102.58036 > 52.6.77.26.80: Flags [P.], seq 0:113, ack 1, win 256, length 113: HTTP: GET /iwin_offers_installer.exe HTTP/1.0
GET /iwin_offers_installer.exe HTTP/1.0
Host: fusion.iwin.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
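Rather than read a dump like this by eye, the script below (an added example, my own code rather than anything from the original post or from iWin) parses tcpdump -A style text, pulls out each HTTP request with its Host and User-Agent, and reconstructs the chain of executable downloads plus an IOC list. The sample input is a constructed, trimmed copy of the records above; treating the `NSISDL/` and `NextDM/` User-Agent prefixes as installer download stubs, and everything else as a browser-like client, is an assumption of this example. Against the pcap itself, feed it the output of `tcpdump -nA -r <capture.pcap> 'tcp port 80'` (placeholder file name).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a trimmed transcript of the records in the listing above.
SAMPLE = """\
2016-09-26 20:10:17.674122 IP 192.168.1.102.58009 > 54.175.220.46.80: Flags [P.], seq 0:351, ack 1, win 256, length 351: HTTP: GET /games/v2/1733781543247264245/6899126784130858863/13/0/jewel-quest-iiSetup.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: dl.iwin.com

2016-09-26 20:10:27.800342 IP 192.168.1.102.58012 > 54.175.220.46.80: Flags [P.], seq 0:115, ack 1, win 256, length 115: HTTP: GET /games/GamesManagerInstaller.exe HTTP/1.0
Host: dl.iwin.com
User-Agent: NSISDL/1.2 (Mozilla)

2016-09-26 20:10:28.003154 IP 192.168.1.102.58012 > 54.175.220.46.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:2921}], length 0

2016-09-26 20:11:01.037289 IP 192.168.1.102.58013 > 93.184.216.54.80: Flags [P.], seq 0:215, ack 1, win 256, length 215: HTTP: GET /gm/2.13.5.801/00000000.dat HTTP/1.1
User-Agent: NextDM/2.13.5.801  AppleWebKit/535.19 (KHTML, like Gecko) GamesManager/2.13.5.801 00000000 WinVer/5.1 [x86]
Host: static.iwincdn.com

2016-09-26 20:11:48.507855 IP 192.168.1.102.58036 > 52.6.77.26.80: Flags [P.], seq 0:113, ack 1, win 256, length 113: HTTP: GET /iwin_offers_installer.exe HTTP/1.0
Host: fusion.iwin.com
User-Agent: NSISDL/1.2 (Mozilla)
"""

RECORD_RE = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
                       r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: (?P<rest>.*)$")
HTTP_RE = re.compile(r"HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/(?P<ver>\d\.\d)")
HDR_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9-]*): (?P<value>.*)$")
# Assumption: these User-Agent prefixes (the NSIS download plugin and the NextDM
# games-manager downloader, both in the capture) identify installer stubs, not browsers.
DOWNLOADER_UA_PREFIXES = ("NSISDL/", "NextDM/")
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll")

@dataclass
class HttpRequest:
    ts: str
    src: str
    dst: str
    method: str
    path: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)
    @property
    def host(self) -> str:
        return self.headers.get("host", self.dst)
    @property
    def user_agent(self) -> str:
        return self.headers.get("user-agent", "")

def parse_tcpdump(text: str) -> List[HttpRequest]:
    """Collect HTTP requests from tcpdump -A output. Records without an 'HTTP:' summary
    (pure ACKs) are skipped; 'Name: value' lines are attached to the preceding request."""
    requests: List[HttpRequest] = []
    current: Optional[HttpRequest] = None
    for line in text.splitlines():
        rec = RECORD_RE.match(line.rstrip())
        if rec:
            http = HTTP_RE.search(rec["rest"])
            current = HttpRequest(rec["ts"], rec["src"], rec["dst"], http["method"],
                                  http["path"], http["ver"]) if http else None
            if current:
                requests.append(current)
        elif not line.strip():
            current = None  # a blank line ends the record's header block
        elif current is not None:
            hdr = HDR_RE.match(line.rstrip())
            if hdr:
                current.headers[hdr["name"].lower()] = hdr["value"].strip()
    return requests

def classify(req: HttpRequest) -> List[str]:
    """Tags for the traits a chained PUP installer shows on the wire."""
    tags = []
    if req.path.lower().endswith(EXECUTABLE_SUFFIXES):
        tags.append("executable-download")
    if req.user_agent.startswith(DOWNLOADER_UA_PREFIXES):
        tags.append("downloader-ua")
    if req.version == "1.0":
        tags.append("http/1.0")
    return tags

def download_chain(requests: List[HttpRequest]) -> List[dict]:
    """Executable fetches in time order. 'new_agent' marks a hop whose User-Agent differs
    from the previous executable fetch: the file fetched one hop earlier is now downloading."""
    chain, prev_ua = [], None
    for req in sorted(requests, key=lambda r: r.ts):
        tags = classify(req)
        if "executable-download" in tags:
            chain.append({"ts": req.ts, "url": f"http://{req.host}{req.path}", "tags": tags,
                          "server": req.dst, "user_agent": req.user_agent,
                          "new_agent": prev_ua is not None and req.user_agent != prev_ua})
            prev_ua = req.user_agent
    return chain

def iocs(requests: List[HttpRequest]) -> Dict[str, List[str]]:
    """Hostnames, server IPs and file names to block or hunt for."""
    return {"hosts": sorted({r.host for r in requests}),
            "ips": sorted({r.dst for r in requests}),
            "files": sorted({r.path.rsplit("/", 1)[-1] for r in requests})}
```

Running `download_chain(parse_tcpdump(SAMPLE))` returns three hops; the second is flagged `new_agent` because the client string switches from the MSIE 8 browser UA to NSISDL/1.2 between the first two .exe fetches. In the full listing the UA then moves to NextDM/GamesManager for the .dat and preinstall-options.exe fetches and back to NSISDL/1.2 for iwin_offers_installer.exe; each change is the previously downloaded installer running and pulling the next stage, which is the multi-stage bundling pattern that marks this capture as a PUP/adware chain rather than a single game download. `iocs()` gives the hosts, IPs and file names to feed a blocklist or a retrospective hunt.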
