DICVFL.exe Trojan Downloader Malware Traffic Analysis Sample PCAP file download

Download Attachments

  • 1 pcap dicvfl
    Date added: January 24, 2017 2:31 am | Added by: admin | File size: 15 KB | Downloads: 83
SHA256: 2933b492fec30500750c3d5f598bf99fdf976e15dbc8895393b94a91233bd7fc
File name: DICVFL.exe
Detection ratio: 25 / 55
Analysis date: 2017-01-24 02:29:56 UTC

Engine                    Result                                           Signature update
Ad-Aware                  Trojan.GenericKD.4218289                         20170124
AegisLab                  Ml.Attribute.Veryhighconfidence.[Heur.Advml!c    20170123
AhnLab-V3                 Trojan/Win32.Autoit.C1702709                     20170123
Arcabit                   Trojan.Generic.D405DB1                           20170124
Avast                     Other:Malware-gen [Trj]                          20170124
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9784       20170123
BitDefender               Trojan.GenericKD.4218289                         20170124
CMC                       Trojan.Win32.Generic!O                           20170123
CrowdStrike Falcon (ML)   malicious_confidence_75% (W)                     20161024
DrWeb                     Trojan.DownLoader23.48840                        20170124
Emsisoft                  Trojan.GenericKD.4218289 (B)                     20170124
F-Secure                  Trojan.GenericKD.4218289                         20170124
GData                     Trojan.GenericKD.4218289                         20170124
Ikarus                    Trojan.Inject                                    20170123
Invincea                  worm.win32.moarider.a                            20170111
K7AntiVirus               Trojan ( 004b8bad1 )                             20170123
K7GW                      Trojan ( 004b8bad1 )                             20170124
Kaspersky                 Trojan-PSW.Win32.Autoit.et                       20170124
Malwarebytes              Backdoor.Bot                                     20170124
eScan                     Trojan.GenericKD.4218289                         20170124

2017-01-23 20:49:50.377649 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [P.], seq 0:299, ack 1, win 256, length 299: HTTP: GET /888/micro/DICVFL.exe HTTP/1.1
GET /888/micro/DICVFL.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: lascofittings.cf
Connection: Keep-Alive

2017-01-23 20:49:58.172216 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-23 20:49:58.668336 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [F.], seq 299, ack 482841, win 891, length 0
2017-01-23 20:50:01.183928 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-23 20:50:07.198638 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2017-01-23 20:50:13.670429 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [F.], seq 1554793646, ack 1155943388, win 256, length 0
2017-01-23 20:50:13.670663 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [F.], seq 814848555, ack 2286363549, win 256, length 0
2017-01-23 20:50:13.670780 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [F.], seq 883426129, ack 374204385, win 256, length 0
2017-01-23 20:50:13.670955 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [F.], seq 1363039211, ack 2644039456, win 256, length 0
2017-01-23 20:50:13.964345 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
2017-01-23 20:50:13.965415 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
2017-01-23 20:50:13.966452 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
2017-01-23 20:50:13.970768 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
2017-01-23 20:50:19.120859 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-23 20:50:22.135768 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-23 20:50:28.137285 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
