W32/Felix Iran APT/Malware Fake JPG senario104.jpg Binary PCAP file download Traffic Sample

Download Attachments

  • 1 pcap iranjpg
    Date added: October 23, 2016 6:11 am Added by: admin File size: 4 KB Downloads: 124

Unknown IRAN fake image binary file

file senario104.jpg
senario104.jpg: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
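
The mismatch that `file` reports above (an image extension on a PE32 .NET executable) can be checked from header bytes alone. The following is an added example, not code from the original page; the function names are hypothetical and the sample bytes are constructed, not taken from the real senario104.jpg.

```python
import struct

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".ico")

def classify(data: bytes) -> str:
    """Classify by header only: 'jpeg', 'pe32', 'pe32+' (plus '-dotnet'), or 'unknown'."""
    if data[:3] == b"\xff\xd8\xff":                 # JPEG SOI marker
        return "jpeg"
    if len(data) < 0x40 or data[:2] != b"MZ":       # DOS header
        return "unknown"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                             # signature (4) + COFF header (20)
    if opt + 2 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "unknown"
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        kind, dirs = "pe32", opt + 96               # data directories start here
    elif magic == 0x20B:
        kind, dirs = "pe32+", opt + 112
    else:
        return "unknown"
    clr = dirs + 14 * 8                             # data directory 14: CLR runtime header
    if clr + 8 <= len(data):
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        rva, size = struct.unpack_from("<II", data, clr)
        if count > 14 and rva and size:
            kind += "-dotnet"
    return kind

def is_disguised_executable(name: str, data: bytes) -> bool:
    """True when the name claims an image but the bytes are a PE file."""
    return name.lower().endswith(IMAGE_EXTS) and classify(data).startswith("pe32")

def constructed_pe(dotnet: bool) -> bytes:
    """Constructed header-only PE32 sample (not the real senario104.jpg)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 optional header magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    sample = constructed_pe(dotnet=True)
    print(classify(sample), is_disguised_executable("senario104.jpg", sample))
```

The same check applies to HTTP response bodies carved from a capture, keyed on the requested path or the declared Content-Type.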

 

2016-10-23 01:32:16.438427 IP 192.168.1.102.58937 > 79.127.127.67.80: Flags [P.], seq 0:297, ack 1, win 64240, length 297: HTTP: GET /senario104.jpg HTTP/1.1
E..Q(R@…@….fO..C.9.P.R(.V…P…….GET /senario104.jpg HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: limlim00000.rozup.ir
Connection: Keep-Alive


E..((|@…A….fO..C.<.P……;NP…’………
2016-10-23 01:32:55.262559 IP 192.168.1.102.58940 > 79.127.127.67.80: Flags [P.], seq 0:203, ack 1, win 256, length 203: HTTP: GET /favicon.ico HTTP/1.1
E…(}@…@….fO..C.<.P……;NP…/a..GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: limlim00000.rozup.ir
Connection: Keep-Alive
