| SHA256: | aaba7017a475552902d747b430c8c3effb23dd9713976fe279485bcfc4d357ec |
| File name: | 2015020704.exe |
| Detection ratio: | 24 / 56 |
| Analysis date: | 2016-10-28 00:28:11 UTC ( 0 minutes ago ) |
| AVware | Trojan.Win32.Generic!BT | 20161027 |
| AegisLab | Troj.Dropper.W32.Dapato.exbc!c | 20161027 |
| AhnLab-V3 | ASD.Reputation.N1432989411 | 20161027 |
| Avira (no cloud) | TR/Agent.2337663 | 20161027 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9747 | 20161027 |
| CrowdStrike Falcon (ML) | malicious_confidence_68% (D) | 20161024 |
| Cyren | W32/Trojan.UQPX-5961 | 20161028 |
| DrWeb | Trojan.Click3.8961 | 20161028 |
| GData | Win32.Trojan.Agent.YLNA6J | 20161027 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20161025 |
| K7GW | Riskware ( 0040eff71 ) | 20161027 |
| Kaspersky | Trojan-Dropper.Win32.Dapato.exbc | 20161028 |
| McAfee | Artemis!A6BA7BE5D243 | 20161028 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.vc | 20161028 |
| NANO-Antivirus | Trojan.Win32.Click3.dgkmxz | 20161028 |
2016-10-27 18:32:14.653178 IP 192.168.1.102.55182 > 162.159.210.98.80: Flags [P.], seq 0:315, ack 1, win 256, length 315: HTTP: GET /soft/UploadFile/201502/win7/2015020704.exe HTTP/1.1
E..c0.@……..f…b…Pz.Ep^…P….?..GET /soft/UploadFile/201502/win7/2015020704.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: pic.pp3.cn
Connection: Keep-Alive
2016-10-27 18:32:14.727264 IP 192.168.1.102.55161 > 104.211.224.23.80: Flags [.], ack 2, win 255, length 0
E..(Vc@….s…fh….y.PA.j\'[e.P………….
—
E..(Kc@……..f4……P….7.a!P…o………
2016-10-27 18:32:45.485148 IP 192.168.1.102.55191 > 52.203.206.16.80: Flags [P.], seq 0:704, ack 1, win 256, length 704: HTTP: GET /?product=firefox-48.0.2-complete&os=win&lang=en-US HTTP/1.1
E…Kd@……..f4……P….7.a!P….I..GET /?product=firefox-48.0.2-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=1200000-1499999
Cookie: optimizelyEndUserId=oeu1467151488014r0.33409587144074915; optimizelySegments=%7B%22245875585%22%3A%22direct%22%2C%222427280098%22%3A%22true%22%2C%22245617832%22%3A%22none%22%2C%22246048108%22%3A%22false%22%2C%22245677587%22%3A%22ff%22%2C%22869421433%22%3A%22true%22%2C%221867940538%22%3A%22true%22%7D; optimizelyBuckets=%7B%7D; _ga=GA1.2.1371564214.1467151489
Connection: keep-alive
2016-10-27 18:32:45.558251 IP 192.168.1.102.55191 > 52.203.206.16.80: Flags [.], ack 419, win 255, length 0
—
E..(U.@….~…fh..B…P.(.k:…P…&………
2016-10-27 18:32:49.817217 IP 192.168.1.102.55194 > 104.31.221.66.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /xp/index.htm HTTP/1.1
E..MU.@….X…fh..B…P.(.k:…P…$…GET /xp/index.htm HTTP/1.1
Host: www.51ztzj.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
2016-10-27 18:32:49.845524 IP 192.168.1.102.53306 > 75.75.75.75.53: 65354+ AAAA? www.51ztzj.com.cname.yunjiasu-cdn.net. (55)
E..S&……l…fKKKK.:.5.?n,.J………..www.51ztzj.com.cname.yunjiasu-cdn.net…..
—
E..(d.@…1a…fH.[….P..}.m.y.P………….
2016-10-27 18:32:50.337334 IP 192.168.1.102.55196 > 72.21.91.29.80: Flags [P.], seq 0:428, ack 1, win 256, length 428: HTTP: POST / HTTP/1.1
E…d/@…/….fH.[….P..}.m.y.P….(..POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 83
Content-Type: application/ocsp-request
Connection: keep-alive
2016-10-27 18:35:22.174529 IP 192.168.1.102.55287 > 58.251.139.142.80: Flags [P.], seq 0:395, ack 1, win 261, length 395: HTTP: GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
E…4.@…;….f:……PG.W..#.2P….y..GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
Host: follow.v.t.qq.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.51ztzj.com/xp/index.htm
Connection: keep-alive
2016-10-27 18:35:26.741122 IP 192.168.1.102.55288 > 58.251.139.142.80: Flags [F.], seq 0, ack 1, win 261, length 0
E..(4.@…=N…f:……P.’.6..3.P………….
2016-10-27 18:35:28.559727 IP 192.168.1.102.55287 > 58.251.139.142.80: Flags [P.], seq 0:395, ack 1, win 261, length 395: HTTP: GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
E…4.@…;….f:……PG.W..#.2P….y..GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
Host: follow.v.t.qq.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.51ztzj.com/xp/index.htm
Connection: keep-alive
2016-10-27 18:35:39.413757 IP 192.168.1.102.55288 > 58.251.139.142.80: Flags [F.], seq 0, ack 1, win 261, length 0
E..(4.@…=L…f:……P.’.6..3.P………….
2016-10-27 18:35:41.328020 IP 192.168.1.102.55287 > 58.251.139.142.80: Flags [P.], seq 0:395, ack 1, win 261, length 395: HTTP: GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
E…4.@…;….f:……PG.W..#.2P….y..GET /index.php?c=follow&a=quick&name=ztzj51&style=5&t=1363834801736&f=1 HTTP/1.1
Host: follow.v.t.qq.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.51ztzj.com/xp/index.htm
Connection: keep-alive
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
