Date added: October 26, 2016 5:32 am
Added by: admin
File size: 1 MB
SHA256: 775c7bd9e820c4dfd0fabdfeade2de901414bd46d2691ea5020a818f6a42eb83
File name: QQ1.exe
Detection ratio: 42 / 56
Analysis date: 2016-10-26 22:04:27 UTC
| Engine | Result | Update |
|---|---|---|
| ALYac | Gen:Variant.Strictor.112384 | 20161026 |
| AVG | AdPlugin.UTN | 20161026 |
| AVware | Trojan.Win32.Generic!BT | 20161026 |
| Ad-Aware | Gen:Variant.Strictor.112384 | 20161026 |
| AegisLab | Gen.Variant.Strictor!c | 20161026 |
| AhnLab-V3 | PUP/Win32.Qjwmonkey.R187306 | 20161026 |
| Antiy-AVL | RiskWare[Downloader:not-a-virus]/Win32.Agent | 20161026 |
| Arcabit | Trojan.Strictor.D1B700 | 20161026 |
2016-10-26 00:13:19.381515 IP 192.168.1.102.61873 > 222.186.161.72.80: Flags [P.], seq 0:289, ack 1, win 256, length 289: HTTP: GET /down/QQ1.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: url.d9soft.com
Connection: Keep-Alive
2016-10-26 00:13:19.488419 IP 192.168.1.102.61664 > 75.75.76.76.53: 941+ A? url.d9soft.com. (32)
2016-10-26 00:13:39.775088 IP 192.168.1.102.61874 > 8.254.208.158.80: Flags [P.], seq 0:240, ack 1, win 256, length 240: HTTP: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: www.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
2016-10-26 00:13:57.277804 IP 192.168.1.102.61879 > 120.26.109.229.80: Flags [P.], seq 0:212, ack 1, win 256, length 212: HTTP: POST /api/getdown HTTP/1.1
Host: api.baizhu.cc
Content-Length: 22
Connection:close
Accept-Language: zh-cn
Cache-Conbtrol:no-cache
Content-Type:application/x-www-form-urlencoded
&appid=1&sid=360&ver=2
2016-10-26 00:13:57.677329 IP 192.168.1.102.65166 > 75.75.76.76.53: 64390+ A? api.baizhu.cc. (31)
2016-10-26 00:13:58.656691 IP 192.168.1.102.61880 > 104.192.108.18.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /partner/Inst13__3112087__3f7372633d6c6d266c733d6e31343463316364383939__68616f2e3336302e636e__0c70.exe HTTP/1.1
Host: dl2.360safe.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
Cookie:
2016-10-26 00:13:58.765153 IP 192.168.1.102.61880 > 104.192.108.18.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {293:1753}], length 0
2016-10-26 00:14:00.071491 IP 192.168.1.102.61881 > 121.29.8.212.80: Flags [P.], seq 0:188, ack 1, win 256, length 188: HTTP: GET /baizhu.zip HTTP/1.1
Host: cdn.baizhu.cc
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
2016-10-26 00:14:39.157576 IP 192.168.1.102.61886 > 125.76.247.199.80: Flags [P.], seq 861:1148, ack 3846, win 251, length 287: HTTP: GET /core.php?web_id=1259684198&t=z HTTP/1.1
Accept: */*
Referer: http://cdn.baizhu.cc/youxi/index_1_2.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: c.cnzz.com
Connection: Keep-Alive
2016-10-26 00:14:39.158505 IP 192.168.1.102.61894 > 42.156.140.84.80: Flags [S], seq 3498221479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-10-26 00:14:39.174516 IP 192.168.1.102.61893 > 42.156.140.84.80: Flags [P.], seq 0:373, ack 1, win 65340, length 373: HTTP: GET /stat.htm?id=1259961501&r=&lg=en-us&ntime=none&cnzz_eid=1085063149-1477454399-&showp=1920x1080&t=&h=1&rnd=1356346624 HTTP/1.1
Accept: */*
Referer: http://cdn.baizhu.cc/youxi/index_1_2.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: z4.cnzz.com
Connection: Keep-Alive