rdvideo8.2at81_327255.exe Adware/PUP/Riskware Strictor PCAP file download Traffic Analysis

Download Attachments

  • 1 pcap rdvideo
    Date added: October 26, 2016 10:16 pm | Added by: admin | File size: 4 MB | Downloads: 90
SHA256: 775c7bd9e820c4dfd0fabdfeade2de901414bd46d2691ea5020a818f6a42eb83
File name: rdvideo8.2at81_327255.exe
Detection ratio: 42 / 56
Analysis date: 2016-10-26 22:11:02 UTC
Antivirus    Result                                          Update
ALYac        Gen:Variant.Strictor.112384                     20161026
AVG          AdPlugin.UTN                                    20161026
AVware       Trojan.Win32.Generic!BT                         20161026
Ad-Aware     Gen:Variant.Strictor.112384                     20161026
AegisLab     Gen.Variant.Strictor!c                          20161026
AhnLab-V3    PUP/Win32.Qjwmonkey.R187306                     20161026
Antiy-AVL    RiskWare[Downloader:not-a-virus]/Win32.Agent    20161026
Arcabit      Trojan.Strictor.D1B700                          20161026
Avast        Win32:Adware-gen [Adw]                          20161026

2016-10-25 22:43:33.891405 IP 192.168.1.102.60717 > 222.163.80.69.80: Flags [P.], seq 0:318, ack 1, win 256, length 318: HTTP: GET /zoldownload/rdvideo8.2at81_327255.exe HTTP/1.1
GET /zoldownload/rdvideo8.2at81_327255.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: down10b.zol.com.cn
Connection: Keep-Alive


2016-10-25 22:47:41.871731 IP 192.168.1.102.60825 > 61.135.186.213.80: Flags [P.], seq 21195:21666, ack 11791, win 255, length 471: HTTP: POST / HTTP/1.1
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

2016-10-25 22:47:42.142400 IP 192.168.1.102.60825 > 61.135.186.213.80: Flags [P.], seq 21666:22137, ack 12053, win 254, length 471: HTTP: POST / HTTP/1.1
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000

2016-10-25 22:47:42.142508 IP 192.168.1.102.60844 > 104.192.108.18.80: Flags [.], ack 10201348, win 4562, length 0
2016-10-25 22:47:42.143351 IP 192.168.1.102.60844 > 104.192.108.18.80: Flags [.], ack 10204268, win 4562, length 0

2016-10-25 22:47:42.428104 IP 192.168.1.102.60825 > 61.135.186.213.80: Flags [P.], seq 22137:22608, ack 12315, win 253, length 471: HTTP: POST / HTTP/1.1
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 310
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
