Download Attachments
| SHA256: | 4ebc3b4d9517e19a2d47803cc5c68186a95019b63d8efb48d5b8a8c09e5dcd53 |
| File name: | Fraser.exe |
| Detection ratio: | 34 / 57 |
| Analysis date: | 2017-01-16 06:54:31 UTC ( 1 minute ago ) |
| Avast | Other:Malware-gen [Trj] | 20170116 |
| Avira (no cloud) | DR/Autoit.spflx | 20170115 |
| BitDefender | Trojan.GenericKD.4174671 | 20170116 |
| Comodo | TrojWare.Win32.UMal.xmuve | 20170116 |
| CrowdStrike Falcon (ML) | malicious_confidence_99% (W) | 20161024 |
| ESET-NOD32 | a variant of Win32/Packed.CAB.AE | 20170116 |
| Emsisoft | Trojan.GenericKD.4174671 (B) | 20170116 |
| F-Secure | Trojan.GenericKD.4174671 | 20170116 |
| Fortinet | W32/Generic!tr | 20170116 |
| GData | Trojan.GenericKD.4174671 | 20170116 |
| Invincea | trojan.win32.skeeyah.a!rfn | 20170111 |
| K7AntiVirus | Trojan ( 700000111 ) | 20170115 |
| K7GW | Trojan ( 700000111 ) | 20170116 |
| Kaspersky | Trojan.Win32.Autoit.abeza | 20170116 |
| Malwarebytes | Trojan.Dropper | 20170116 |
| McAfee | Artemis!E6B7BCB0D774 | 20170108 |
| McAfee-GW-Edition | Fareit-FGW!637507265597 | 20170116 |
| eScan | Trojan.GenericKD.4174671 | 20170116 |
| Microsoft | Backdoor:Win32/NetWiredRC.C |
2017-01-15 23:32:14.584440 IP 192.168.1.102.62766 > 192.0.77.17.80: Flags [P.], seq 0:306, ack 1, win 256, length 306: HTTP: GET /6yIk9wSjWP.exe?download=Fraser.exe HTTP/1.1
E..Zff@……..f..M….P..l…..P….o..GET /6yIk9wSjWP.exe?download=Fraser.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: cldup.com
Connection: Keep-Alive
2017-01-15 23:32:29.957578 IP 192.168.1.102.50135 > 75.75.75.75.53: 49661+ A? asril4646.hopto.org. (37)
E..A.!………fKKKK…5.-p…………. asril4646.hopto.org…..
2017-01-15 23:32:29.993815 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….2…f.T.I.>….f……. ……………..
2017-01-15 23:32:30.669691 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….1…f.T.I.>….f……. ……………..
2017-01-15 23:32:31.343371 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@….4…f.T.I.>….f…..p. ………….
2017-01-15 23:32:31.945681 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@…./…f.T.I.?..~.h……. .4……………
2017-01-15 23:32:32.615504 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@……..f.T.I.?..~.h……. .4……………
2017-01-15 23:32:33.295177 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@….1…f.T.I.?..~.h…..p. .H………..
2017-01-15 23:32:33.919261 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….,…f.T.I.@….$……. .C……………
2017-01-15 23:32:34.598590 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….+…f.T.I.@….$……. .C……………
2017-01-15 23:32:35.269234 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@……..f.T.I.@….$…..p. .W………..
2017-01-15 23:32:45.448924 IP 192.168.1.102.50136 > 75.75.75.75.53: 38377+ A? asril4646.hopto.org. (37)
E..A.”………fKKKK…5.-.,………… asril4646.hopto.org…..