| SHA256: | 775c7bd9e820c4dfd0fabdfeade2de901414bd46d2691ea5020a818f6a42eb83 |
| File name: | QQ1.exe |
| Detection ratio: | 42 / 56 |
| Analysis date: | 2016-10-26 22:04:27 UTC ( 0 minutes ago ) |
| Antivirus | Result | Update |
|---|---|---|
| ALYac | Gen:Variant.Strictor.112384 | 20161026 |
| AVG | AdPlugin.UTN | 20161026 |
| AVware | Trojan.Win32.Generic!BT | 20161026 |
| Ad-Aware | Gen:Variant.Strictor.112384 | 20161026 |
| AegisLab | Gen.Variant.Strictor!c | 20161026 |
| AhnLab-V3 | PUP/Win32.Qjwmonkey.R187306 | 20161026 |
| Antiy-AVL | RiskWare[Downloader:not-a-virus]/Win32.Agent | 20161026 |
| Arcabit | Trojan.Strictor.D1B700 | 20161026 |
2016-10-26 00:13:19.381515 IP 192.168.1.102.61873 > 222.186.161.72.80: Flags [P.], seq 0:289, ack 1, win 256, length 289: HTTP: GET /down/QQ1.exe HTTP/1.1
E..I}.@…:….f…H…PuMz.XKi.P…….GET /down/QQ1.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: url.d9soft.com
Connection: Keep-Alive
2016-10-26 00:13:19.488419 IP 192.168.1.102.61664 > 75.75.76.76.53: 941+ A? url.d9soft.com. (32)
E..<
—
E..(.;@…Y….f…….P…{F.L/P….I……..
2016-10-26 00:13:39.775088 IP 192.168.1.102.61874 > 8.254.208.158.80: Flags [P.], seq 0:240, ack 1, win 256, length 240: HTTP: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
E….<@…X….f…….P…{F.L/P….7..GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: www.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
2016-10-26 00:13:57.277804 IP 192.168.1.102.61879 > 120.26.109.229.80: Flags [P.], seq 0:212, ack 1, win 256, length 212: HTTP: POST /api/getdown HTTP/1.1
E…7.@……..fx.m….P…….FP….U..POST /api/getdown HTTP/1.1
Host: api.baizhu.cc
Content-Length: 22
Connection:close
Accept-Language: zh-cn
Cache-Conbtrol:no-cache
Content-Type:application/x-www-form-urlencoded
&appid=1&sid=360&ver=2
2016-10-26 00:13:57.677329 IP 192.168.1.102.65166 > 75.75.76.76.53: 64390+ A? api.baizhu.cc. (31)
—
E..(.o@…_….fh.l….PX.p..AN.P………….
2016-10-26 00:13:58.656691 IP 192.168.1.102.61880 > 104.192.108.18.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /partner/Inst13__3112087__3f7372633d6c6d266c733d6e31343463316364383939__68616f2e3336302e636e__0c70.exe HTTP/1.1
E..J.p@…^]…fh.l….PX.p..AN.P…ux..GET /partner/Inst13__3112087__3f7372633d6c6d266c733d6e31343463316364383939__68616f2e3336302e636e__0c70.exe HTTP/1.1
Host: dl2.360safe.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
Cookie:
2016-10-26 00:13:58.765153 IP 192.168.1.102.61880 > 104.192.108.18.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {293:1753}], length 0
E..4.q@…_r…fh.l….PX.q..AN…… …..
—
E..(Y.@…]….fy……PvGa…0&P………….
2016-10-26 00:14:00.071491 IP 192.168.1.102.61881 > 121.29.8.212.80: Flags [P.], seq 0:188, ack 1, win 256, length 188: HTTP: GET /baizhu.zip HTTP/1.1
E…Y @…]….fy……PvGa…0&P…a…GET /baizhu.zip HTTP/1.1
Host: cdn.baizhu.cc
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
2016-10-26 00:14:39.157576 IP 192.168.1.102.61886 > 125.76.247.199.80: Flags [P.], seq 861:1148, ack 3846, win 251, length 287: HTTP: GET /core.php?web_id=1259684198&t=z HTTP/1.1
E..GT.@…m….f}L…..P. ….e.P…u…GET /core.php?web_id=1259684198&t=z HTTP/1.1
Accept: */*
Referer: http://cdn.baizhu.cc/youxi/index_1_2.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: c.cnzz.com
Connection: Keep-Alive
2016-10-26 00:14:39.158505 IP 192.168.1.102.61894 > 42.156.140.84.80: Flags [S], seq 3498221479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
—
E..(1.@…P….f*..T…P+.”8…aP..<……….
2016-10-26 00:14:39.174516 IP 192.168.1.102.61893 > 42.156.140.84.80: Flags [P.], seq 0:373, ack 1, win 65340, length 373: HTTP: GET /stat.htm?id=1259961501&r=&lg=en-us&ntime=none&cnzz_eid=1085063149-1477454399-
&showp=1920×1080&t=&h=1&rnd=1356346624 HTTP/1.1
E…1.@…N….f*..T…P+.”8…aP..<….GET /stat.htm?id=1259961501&r=&lg=en-us&ntime=none&cnzz_eid=1085063149-1477454399-&showp=1920×1080&t=&h=1&rnd=1356346624 HTTP/1.1
Accept: */*
Referer: http://cdn.baizhu.cc/youxi/index_1_2.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: z4.cnzz.com
Connection: Keep-Alive
Written By
SHA256: 478f86e31c4bd8bd6ccf86696375949029d20f6736c4e01c577e99adec0c112d File name: pingguo_21561000328.exe Detection ratio: 44 / 57 Analysis date: 2017-01-16 06:11:12 UTC ( 0 minutes ago ) AegisLab W32.Application.Guagua!c 20170114 AhnLab-V3 PUP/Win32.Downloader.C880528 20170115 Antiy-AVL Trojan/Win32.TSGeneric 20170116 Arcabit Adware.Generic....
SHA256: bf1cf754ad5f5f3560047b8eeb784c72bf79a042dec4d50d033e32912a7b19b6 File name: xunlei_118827.exe Detection ratio: 35 / 56 Analysis date: 2016-10-28 03:31:01 UTC ( 0 minutes ago ) AVware Trojan.Win32.Generic!BT 20161027 Ad...
SHA256: e7e729e9d23aeac5ff826c5d3389f5c1cc2982d3d43168e2f5af705709db47da File name: hplaserjetm1136@151_11446.exe Detection ratio: 39 / 54 Analysis date: 2016-10-28 01:48:35 UTC ( 1 minute ago ) AVG Generic37.CELZ 20161028 AVw...
SHA256: ab5da9478d76221b534e4847e6968b7977771916ce81ac2810c3917f6ce5a48c File name: PCTuneUpWiFiHotspotCreator_IS.exe Detection ratio: 23 / 55 Analysis date: 2016-10-28 01:34:21 UTC ( 1 minute ago ) AVware Trojan.Win32.Generic!BT 2...
