PUP Trojan/Adware Borderline Porn Application Downloader Pay-per-Download Malware PCAP file download

Download Attachments

  • 1 pcap pingo
    Date added: January 16, 2017 6:13 am
    Added by: admin
    File size: 697 KB
SHA256: 478f86e31c4bd8bd6ccf86696375949029d20f6736c4e01c577e99adec0c112d
File name: pingguo_21561000328.exe
Detection ratio: 44 / 57
Analysis date: 2017-01-16 06:11:12 UTC
Engines (the page lists 19 of the 44 detecting engines; vendor name, result, signature date):

AegisLab         | W32.Application.Guagua!c                                        | 20170114
AhnLab-V3        | PUP/Win32.Downloader.C880528                                    | 20170115
Antiy-AVL        | Trojan/Win32.TSGeneric                                          | 20170116
Arcabit          | Adware.Generic.D1A3B8D                                          | 20170116
Avast            | Win32:Adware-gen [Adw]                                          | 20170116
BitDefender      | Adware.Generic.1719181                                          | 20170116
Bkav             | W32.Clod07d.Trojan.ffdb                                         | 20170114
CAT-QuickHeal    | Program.Hadsruda                                                | 20170116
ClamAV           | Win.Trojan.Generic-5415795-0                                    | 20170116
Comodo           | ApplicUnwnt.Win32.PornTool.GuaGua.A                             | 20170116
CrowdStrike Falcon (ML) | malicious_confidence_64% (D)                             | 20161024
Cyren            | W32/S-94c424df!Eldorado                                         | 20170116
DrWeb            | Adware.Downware.10691                                           | 20170116
ESET-NOD32       | a variant of Win32/PornTool.GuaGua.A potentially unsafe         | 20170116
F-Prot           | W32/S-94c424df!Eldorado                                         | 20170116
F-Secure         | Adware.Generic.1719181                                          | 20170116
Fortinet         | Riskware/PornTool_GuaGua                                        | 20170116
GData            | Adware.Generic.1719181                                          | 20170116
Ikarus           | PUA.Agent                                                       | 20170115

2017-01-15 23:06:09.615300 IP 192.168.1.102.62519 > 14.215.74.85.80: Flags [P.], seq 2253497686:2253497989, ack 3986861207, win 256, length 303: HTTP: GET /re58/pingguo_21561000328.exe HTTP/1.1
GET /re58/pingguo_21561000328.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: c.img001.com
Connection: Keep-Alive

2017-01-15 23:06:16.677816 IP 192.168.1.102.62520 > 66.61.160.250.80: Flags [P.], seq 1637321297:1637321477, ack 1159308532, win 256, length 180: HTTP: GET /sfsca.crl HTTP/1.1
GET /sfsca.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.startssl.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2017-01-15 23:06:17.308817 IP 192.168.1.102.62521 > 222.73.144.174.80: Flags [P.], seq 281322195:281322373, ack 2294700839, win 260, length 178: HTTP: GET /ca1.crl HTTP/1.1
GET /ca1.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crls1.wosign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2017-01-15 23:06:17.601080 IP 192.168.1.102.62521 > 222.73.144.174.80: Flags [P.], seq 178:363, ack 1075, win 256, length 185: HTTP: GET /ca1-code-3.crl HTTP/1.1
GET /ca1-code-3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crls1.wosign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2017-01-15 23:06:23.023581 IP 192.168.1.102.62522 > 117.27.228.84.80: Flags [P.], seq 3283022524:3283022767, ack 1419530151, win 256, length 243: HTTP: GET /downloader/start?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
GET /downloader/start?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: cj.pingguo55.com
Cache-Control: no-cache

2017-01-15 23:07:14.841174 IP 192.168.1.102.62522 > 117.27.228.84.80: Flags [P.], seq 243:547, ack 245, win 255, length 304: HTTP: GET /downloader/startdown?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
GET /downloader/startdown?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: cj.pingguo55.com
Cache-Control: no-cache
Cookie: GUAGUAACOUNTID=9d58da31cb70431fa57b0dd19171c119

2017-01-15 23:07:15.462551 IP 192.168.1.102.62523 > 117.27.228.83.80: Flags [P.], seq 52355107:52355286, ack 1485008876, win 256, length 179: HTTP: HEAD /business/5/pingguo.exe HTTP/1.1
HEAD /business/5/pingguo.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: tg.img001.com
Content-Length: 0
Cache-Control: no-cache

2017-01-15 23:07:16.161211 IP 192.168.1.102.62524 > 117.27.228.83.80: Flags [P.], seq 3252730637:3252730820, ack 1975907044, win 256, length 183: HTTP: GET /business/5/pingguo.exe HTTP/1.1
GET /business/5/pingguo.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Range: bytes=0-3686399
Host: tg.img001.com
Accept: */*
Cache-Control: no-cache

2017-01-15 23:07:16.186591 IP 192.168.1.102.62525 > 117.27.228.83.80: Flags [P.], seq 1631289889:1631290079, ack 4275762285, win 256, length 190: HTTP: GET /business/5/pingguo.exe HTTP/1.1
GET /business/5/pingguo.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Range: bytes=3686400-18386360
Host: tg.img001.com
Accept: */*
Cache-Control: no-cache
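What the capture shows, read top to bottom: the first stage (pingguo_21561000328.exe) is fetched over plain HTTP with the real browser UA of an XP machine (Windows NT 5.1, and the later Microsoft-CryptoAPI/5.131.2600.5512 UA is the XP SP3 build). Seven seconds later the OS itself pulls CRLs from StartCom and WoSign (ca1-code-3.crl, judging by its name, a code-signing CRL), which is consistent with Windows validating an Authenticode chain on the just-downloaded binary, although the capture alone does not prove which certificate is being checked. The downloader then checks in to cj.pingguo55.com with its own fixed UA and pname=pingguo55, receives a GUAGUAACOUNTID cookie, and fetches the second stage pingguo.exe from tg.img001.com as a HEAD followed by two Range GETs; the two ranges are contiguous and end at offset 18386360, so the payload is 18,386,361 bytes. The split matters for detection: a proxy or IDS that only hashes complete response bodies sees two partial objects and must reassemble them before matching.

The following is an added example, not code from the page or from the sample's author, that parses the request blocks above and flags those features. The request text is transcribed from the capture (most headers dropped) as constructed sample input; the tags and the downloader UA rule are this example's own choices, not published signatures.

```python
import re
from collections import defaultdict

# Transcribed from the capture on the page, with IP/TCP header bytes and most
# headers omitted. Constructed sample input, not a live pcap parse.
SAMPLE = """\
2017-01-15 23:06:09.615300 IP 192.168.1.102.62519 > 14.215.74.85.80: Flags [P.], seq 2253497686:2253497989, ack 3986861207, win 256, length 303: HTTP: GET /re58/pingguo_21561000328.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: c.img001.com

2017-01-15 23:06:16.677816 IP 192.168.1.102.62520 > 66.61.160.250.80: Flags [P.], seq 1637321297:1637321477, ack 1159308532, win 256, length 180: HTTP: GET /sfsca.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.startssl.com

2017-01-15 23:06:17.308817 IP 192.168.1.102.62521 > 222.73.144.174.80: Flags [P.], seq 281322195:281322373, ack 2294700839, win 260, length 178: HTTP: GET /ca1.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crls1.wosign.com

2017-01-15 23:06:17.601080 IP 192.168.1.102.62521 > 222.73.144.174.80: Flags [P.], seq 178:363, ack 1075, win 256, length 185: HTTP: GET /ca1-code-3.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crls1.wosign.com

2017-01-15 23:06:23.023581 IP 192.168.1.102.62522 > 117.27.228.84.80: Flags [P.], seq 3283022524:3283022767, ack 1419530151, win 256, length 243: HTTP: GET /downloader/start?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: cj.pingguo55.com

2017-01-15 23:07:14.841174 IP 192.168.1.102.62522 > 117.27.228.84.80: Flags [P.], seq 243:547, ack 245, win 255, length 304: HTTP: GET /downloader/startdown?dlver=G1.0.0&pname=pingguo55&pver=1.0.0&cmdtype=0&cmdid=1&ad=0&oemid=0&fromurl=&webid= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: cj.pingguo55.com
Cookie: GUAGUAACOUNTID=9d58da31cb70431fa57b0dd19171c119

2017-01-15 23:07:15.462551 IP 192.168.1.102.62523 > 117.27.228.83.80: Flags [P.], seq 52355107:52355286, ack 1485008876, win 256, length 179: HTTP: HEAD /business/5/pingguo.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Host: tg.img001.com

2017-01-15 23:07:16.161211 IP 192.168.1.102.62524 > 117.27.228.83.80: Flags [P.], seq 3252730637:3252730820, ack 1975907044, win 256, length 183: HTTP: GET /business/5/pingguo.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Range: bytes=0-3686399
Host: tg.img001.com

2017-01-15 23:07:16.186591 IP 192.168.1.102.62525 > 117.27.228.83.80: Flags [P.], seq 1631289889:1631290079, ack 4275762285, win 256, length 190: HTTP: GET /business/5/pingguo.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
Range: bytes=3686400-18386360
Host: tg.img001.com
"""

# tcpdump summary line: timestamp, endpoints, then "HTTP: <method> <uri> HTTP/1.x".
SUMMARY = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+:"
                     r".*HTTP: (?P<method>[A-Z]+) (?P<uri>\S+) HTTP/1\.\d$")
# Fixed UA the downloader uses; the initial fetch used the browser's own MSIE 8.0 UA.
DOWNLOADER_UA = "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)"


def parse_requests(text):
    """Turn blank-line-separated packet blocks into dicts: summary fields plus lower-cased headers."""
    reqs = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        m = SUMMARY.match(lines[0])
        if not m:
            continue  # not an HTTP request summary (response, data segment, ...)
        req = m.groupdict()
        req["path"], _, qs = req["uri"].partition("?")
        req["query"] = dict(p.split("=", 1) for p in qs.split("&") if "=" in p)
        for line in lines[1:]:
            name, _, value = line.partition(":")
            req[name.strip().lower()] = value.strip()
        reqs.append(req)
    return reqs


def triage(reqs):
    """Return (findings, totals): findings are (ts, tag, detail) tuples; totals maps
    (host, path) of each contiguous Range-split download to its reassembled size in bytes."""
    findings, ranges, totals = [], defaultdict(list), {}
    for r in reqs:
        host, ua = r.get("host", r["dst"]), r.get("user-agent", "")
        if r["path"].lower().endswith(".exe"):
            findings.append((r["ts"], "exe-download", f"{r['method']} http://{host}{r['path']}"))
        if ua.startswith("Microsoft-CryptoAPI/"):  # the OS validating a certificate chain
            findings.append((r["ts"], "crl-fetch", f"{host}{r['path']} ({ua})"))
        if ua == DOWNLOADER_UA:
            findings.append((r["ts"], "downloader-ua", host))
        if r["path"].startswith("/downloader/") and "pname" in r["query"]:
            q = r["query"]
            findings.append((r["ts"], "checkin", f"{host} pname={q['pname']} cmdid={q.get('cmdid')}"))
        if "GUAGUAACOUNTID=" in r.get("cookie", ""):
            findings.append((r["ts"], "guagua-cookie", r["cookie"]))
        m = re.fullmatch(r"bytes=(\d+)-(\d+)", r.get("range", ""))
        if m:
            ranges[(host, r["path"])].append((int(m[1]), int(m[2]), r["ts"]))
    for key, parts in ranges.items():
        parts.sort()
        contiguous = parts[0][0] == 0 and all(a[1] + 1 == b[0] for a, b in zip(parts, parts[1:]))
        if contiguous:
            totals[key] = parts[-1][1] + 1  # Range end offsets are inclusive
        findings.append((parts[0][2], "range-split",
                         f"{key[0]}{key[1]}: {len(parts)} parts, {totals.get(key, 'gaps')} bytes"))
    return findings, totals


if __name__ == "__main__":
    for ts, tag, detail in sorted(triage(parse_requests(SAMPLE))[0]):
        print(ts, f"{tag:14}", detail)
```

Run against a real capture, feed it the text of `tcpdump -A -r file.pcap 'tcp port 80'` after stripping the binary header bytes as was done above; only request summaries match SUMMARY, so responses and data segments are skipped. The range reassembly is the part worth keeping: if a sandbox or proxy stores partial objects, the expected total lets you confirm that the pieces you have are the whole file before hashing it.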
