35.exe post-us.com Unknown Malware Malspam Traffic Analysis PCAP file download

PCAP attachment: pcap 35
Date added: October 26, 2016 5:31 am. Added by: admin. File size: 43 KB. Downloads: 106.

2016-10-26 01:05:13.532667 IP 192.168.1.102.62284 > 162.213.3.5.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /testcsb/35.exe HTTP/1.1
E..Q].@…3….f…..L.P:!……P…….GET /testcsb/35.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.packetkeeper.com
Connection: Keep-Alive

2016-10-26 01:05:13.626172 IP 192.168.1.102.62284 > 162.213.3.5.80: Flags [.], ack 2921, win 256, length 0
E..(].@…5….f…..L.P:!…..wP………….

E..(P.@……..f..M..M.P….HV6.P….l……..
2016-10-26 01:05:35.924711 IP 192.168.1.102.62285 > 146.0.77.17.80: Flags [P.], seq 0:278, ack 1, win 256, length 278: HTTP: GET /2/32 HTTP/1.1
E..>P.@……..f..M..M.P….HV6.P…q!..GET /2/32 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: post-us.com
Connection: Keep-Alive

2016-10-26 01:05:36.030461 IP 192.168.1.102.62285 > 146.0.77.17.80: Flags [.], ack 2921, win 256, length 0
E..(P.@……..f..M..M.P….HVBXP………….

E..(QS@….]…f..M..N.P/…….P………….
2016-10-26 01:05:42.295783 IP 192.168.1.102.62286 > 146.0.77.17.80: Flags [P.], seq 0:194, ack 1, win 256, length 194: HTTP: GET /favicon.ico HTTP/1.1
E…QT@……..f..M..N.P/…….P…kp..GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: post-us.com
Connection: Keep-Alive
