Clickfraud Browser Hijacker fcssq.exe STARTPAGE Malware Trojan PCAP file download sample

Download Attachments

  • 1 pcap fcssq
    Date added: October 31, 2016 2:15 am
    Added by: admin
    File size: 66 KB
    Downloads: 123
SHA256: 5bfb7c23c0000a681f4c5d259754fd45b740128956a8eba0c0f18f68e73c0b8f
File name: fcssq.exe
Detection ratio: 27 / 56
Analysis date: 2016-10-31 02:08:15 UTC
AVG Startpage.XMP 20161031
AVware Trojan.Win32.Generic!BT 20161031
AegisLab Troj.Startpage.Gen!c 20161031
Avast Win32:Malware-gen 20161031
Avira (no cloud) TR/StartPage.663918 20161030
Comodo UnclassifiedMalware 20161031
DrWeb Trojan.DownLoader13.14385 20161031
ESET-NOD32 a variant of Win32/StartPage.NQH 20161030
Fortinet W32/StartPage.NQH!tr 20161031
GData Win32.Trojan.Agent.O9KH9R 20161031
Ikarus Trojan.Win32.StartPage 20161030
K7AntiVirus Trojan ( 004b9d361 ) 20161030
K7GW Trojan ( 004b9d361 ) 20161031
Kaspersky not-a-virus:AdWare.Win32.Amonetize.emdm 20161031
McAfee RDN/Generic.bfr 20161031
McAfee-GW-Edition RDN/Generic.bfr 20161031
NANO-Antivirus Trojan.Win32.DownLoader13.dujqej 20161031
Qihoo-360 Win32/Trojan.e26 20161031
Sophos Generic PUA AJ (PUA) 20161030
Tencent Win32.Trojan.Startpage.Eddi 20161031
TrendMicro TROJ_GEN.R02LC0FHN16 20161031

2016-10-30 21:59:34.586083 IP 192.168.1.102.61485 > 47.88.28.26.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /soft/fcssq.exe HTTP/1.1
E..Q{.@…p….f/X…-.P…?…OP…}…GET /soft/fcssq.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: down3.feiyang163.com
Connection: Keep-Alive

2016-10-30 21:59:34.689591 IP 192.168.1.102.61485 > 47.88.28.26.80: Flags [.], ack 2921, win 256, length 0
E..({.@…q….f/X…-.P…h….P…D………

E..(|.@…p….f/X…..P6.-..L..P………….
2016-10-30 21:59:46.257998 IP 192.168.1.102.61486 > 47.88.28.26.80: Flags [P.], seq 0:236, ack 1, win 256, length 236: HTTP: GET /ad/softad/popup.htm HTTP/1.1
E…|.@…o….f/X…..P6.-..L..P….O..GET /ad/softad/popup.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: adsvc1.unadnet.com.cn
Connection: Keep-Alive

2016-10-30 21:59:46.266779 IP 192.168.1.102.61487 > 47.88.28.26.80: Flags [.], ack 2994073208, win 256, length 0
E..(|.@…p….f/X…/.P…..u.xP…^………
2016-10-30 21:59:46.267231 IP 192.168.1.102.61487 > 47.88.28.26.80: Flags [P.], seq 0:237, ack 1, win 256, length 237: HTTP: GET /count/softcount/?pwc HTTP/1.1
E…|.@…o….f/X…/.P…..u.xP…….GET /count/softcount/?pwc HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: adsvc1.unadnet.com.cn
Connection: Keep-Alive

2016-10-30 21:59:46.353528 IP 192.168.1.102.61486 > 47.88.28.26.80: Flags [P.], seq 236:474, ack 876, win 253, length 238: HTTP: GET /ad/softad/tuijian.htm HTTP/1.1
E…|.@…o….f/X…..P6….L..P…h…GET /ad/softad/tuijian.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: adsvc1.unadnet.com.cn
Connection: Keep-Alive
