DICVFL.exe Trojan Downloader Malware Traffic Analysis Sample PCAP file download

2017-01-23 20:49:50.377649 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [P.], seq 0:299, ack 1, win 256, length 299: HTTP: GET /888/micro/DICVFL.exe HTTP/1.1
E..S=.@…4….f…{…PuC3..9Z.P….$..GET /888/micro/DICVFL.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: lascofittings.cf
Connection: Keep-Alive

2017-01-23 20:49:58.172216 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,.@……..f..:….”..$O…… ……………..
2017-01-23 20:49:58.668336 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [F.], seq 299, ack 482841, win 891, length 0
E..(>H@…5_…f…{…PuC5
.@..P..{
|……..
2017-01-23 20:50:01.183928 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4, @……..f..:….”..$O…… ……………..
2017-01-23 20:50:07.198638 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0,!@……..f..:….”..$O….p……………
2017-01-23 20:50:13.670429 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [F.], seq 1554793646, ack 1155943388, win 256, length 0
E..(5.@….R…fh…….\.D.D.K.P….3……..
2017-01-23 20:50:13.670663 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [F.], seq 814848555, ack 2286363549, win 256, length 0
E..(5.@….Q…fh….
..0..+.G#.P………….
2017-01-23 20:50:13.670780 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [F.], seq 883426129, ack 374204385, win 256, length 0
E..(5.@….P…fh…….4..Q.M..P….’……..
2017-01-23 20:50:13.670955 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [F.], seq 1363039211, ack 2644039456, win 256, length 0
E..(5.@….O…fh…….Q>S…. P….s……..
2017-01-23 20:50:13.964345 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….N…fh…….Q>S….!P….r……..
2017-01-23 20:50:13.965415 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….M…fh…….4..R.M..P….&……..
2017-01-23 20:50:13.966452 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….L…fh…….\.D.D.K.P….2……..
2017-01-23 20:50:13.970768 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….K…fh….
..0..,.G#.P………….
2017-01-23 20:50:19.120859 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,”@……..f..:….”.N…….. ……………..
2017-01-23 20:50:22.135768 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,#@……..f..:….”.N…….. ……………..
2017-01-23 20:50:28.137285 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0,$@……..f..:….”.N……p……………