
SevenZip_downloader-Qa9LCS6Xp.exe Adware/PUP Downloader Traffic Analysis PCAP file download sample

Download: 1 pcap file (sevenzip), 27 KB
Date added: October 26, 2016 5:33 am, added by admin; downloads: 94
SHA256: 2fa10d45265327f9e2ff94df11e8c0aabaed1cb640fcec052d9ff185da70c053
File name: SevenZip_downloader-Qa9LCS6Xp.exe
Detection ratio: 39 / 55
Analysis date: 2016-10-26 22:28:08 UTC

Antivirus     Result                                        Update
AVG           AdLoad.R                                      20161026
AVware        Trojan.Win32.Generic!BT                       20161026
Ad-Aware      Application.Bundler.Somoto.AH                 20161026
AegisLab      Troj.Downloader.W32!c                         20161026
AhnLab-V3     PUP/Win32.Somoto.R139181                      20161026
Antiy-AVL     Trojan/Generic.ASMalwNS.28CD                  20161026
Arcabit       Application.Bundler.Somoto.AH                 20161026
Avast         NSIS:Adloader-F [PUP]                         20161026
Baidu         Win32.Trojan.WisdomEyes.16070401.9500.9979    20161026
BitDefender   Application.Bundler.Somoto.AH                 20161026
Packet capture excerpt (tcpdump ASCII output):

2016-10-25 23:15:13.780794 IP 192.168.1.102.61043 > 52.85.101.144.80: Flags [P.], seq 0:348, ack 1, win 256, length 348: HTTP: GET /installers/cli/1428490938673/SevenZip_downloader-QeF2UtwuO.exe HTTP/1.1
GET /installers/cli/1428490938673/SevenZip_downloader-QeF2UtwuO.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: sub.reasoninghollow.com
Connection: Keep-Alive

2016-10-25 23:15:14.056911 IP 192.168.1.102.61043 > 52.85.101.144.80: Flags [.], ack 2921, win 256, length 0

2016-10-25 23:15:18.122867 IP 192.168.1.102.61044 > 23.52.85.163.80: Flags [P.], seq 0:130, ack 1, win 256, length 130: HTTP: GET /tl.crt HTTP/1.1
GET /tl.crt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: tl.symcb.com
Connection: Keep-Alive

2016-10-25 23:15:48.421979 IP 192.168.1.102.61046 > 52.85.101.79.80: Flags [P.], seq 0:348, ack 1, win 256, length 348: HTTP: GET /installers/cli/1426489332638/SevenZip_downloader-Qa9LCS6Xp.exe HTTP/1.1
GET /installers/cli/1426489332638/SevenZip_downloader-Qa9LCS6Xp.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: sub.wallawallwombit.com
Connection: Keep-Alive
