
helpconfig.exe Coinminer Bitcoin CryptoCurrency Miner Malware Trojan PCAP file download Traffic Sample

Download Attachments

  • pcap helpconfig
    Date added: December 16, 2016 8:31 am
    Added by: admin
    File size: 599 KB
SHA256: 0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
File name: helpconfig.exe
Detection ratio: 4 / 56
Analysis date: 2016-12-16 07:19:26 UTC

Antivirus    Result                           Update
Bkav         HW32.Packed.F166                 20161215
Invincea     trojan.win32.coinminer.aq        20161202
Qihoo-360    HEUR/QVM20.1.0000.Malware.Gen    20161216
Symantec     Heur.AdvML.B                     20161216

2016-12-16 00:26:57.767028 IP 192.168.1.102.49829 > 122.155.18.63.80: Flags [P.], seq 0:288, ack 1, win 256, length 288: HTTP: GET /helpconfig.exe HTTP/1.1
GET /helpconfig.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: wasulab.com
Connection: Keep-Alive

2016-12-16 00:27:40.556464 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 0:200, ack 1, win 256, length 200
    [TLS Client Hello; server name visible in the payload: www.nbtrnbj26k4r.com]
2016-12-16 00:27:40.683140 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 200:326, ack 752, win 253, length 126
2016-12-16 00:27:40.807121 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 326:364, ack 803, win 253, length 38
2016-12-16 00:27:40.926620 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [.], ack 2313, win 256, length 0
2016-12-16 00:27:40.927568 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 364:907, ack 2313, win 256, length 543
2016-12-16 00:27:41.084577 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 907:1450, ack 2313, win 256, length 543
2016-12-16 00:27:41.204831 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 1450:1993, ack 2856, win 254, length 543
2016-12-16 00:27:41.323658 IP 192.168.1.102.49831 > 86.59.21.38.443: Flags [P.], seq 1993:2536, ack 3399, win 252, length 543
    [encrypted TLS payload dumps omitted]

2016-12-16 00:27:43.143605 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [.], ack 3390104830, win 256, length 0
2016-12-16 00:27:43.153909 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [P.], seq 0:204, ack 1, win 256, length 204
    [TLS Client Hello; server name visible in the payload: www.fpfacyvtuvluftwc.com]
2016-12-16 00:27:43.184885 IP 192.168.1.102.49834 > 104.244.74.13.443: Flags [.], ack 2260762625, win 257, length 0
2016-12-16 00:27:43.195260 IP 192.168.1.102.49832 > 5.19.162.103.9071: Flags [.], ack 1101091672, win 256, length 0
2016-12-16 00:27:43.195796 IP 192.168.1.102.49834 > 104.244.74.13.443: Flags [P.], seq 0:213, ack 1, win 257, length 213
    [TLS Client Hello; server name visible in the payload: www.kaeclwdu2uoztjx5hfmm3gzqn.com]
2016-12-16 00:27:43.196084 IP 192.168.1.102.49832 > 5.19.162.103.9071: Flags [P.], seq 0:194, ack 1, win 256, length 194
    [TLS Client Hello on a non-standard port; server name visible in the payload: www.tmitox.com]
2016-12-16 00:27:43.260991 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [P.], seq 204:330, ack 748, win 253, length 126
2016-12-16 00:27:43.320317 IP 192.168.1.102.49834 > 104.244.74.13.443: Flags [P.], seq 213:339, ack 758, win 254, length 126
2016-12-16 00:27:43.338503 IP 192.168.1.102.49832 > 5.19.162.103.9071: Flags [P.], seq 194:320, ack 756, win 253, length 126
2016-12-16 00:27:43.359445 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [P.], seq 330:368, ack 799, win 253, length 38
2016-12-16 00:27:43.448572 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [.], ack 2308, win 256, length 0
2016-12-16 00:27:43.463570 IP 192.168.1.102.49833 > 91.121.230.214.443: Flags [P.], seq 368:911, ack 2308, win 256, length 543
2016-12-16 00:27:43.464563 IP 192.168.1.102.49834 > 104.244.74.13.443: Flags [P.], seq 339:377, ack 809, win 253, length 38
2016-12-16 00:27:43.473172 IP 192.168.1.102.49832 > 5.19.162.103.9071: Flags [P.], seq 320:358, ack 807, win 253, length 38
2016-12-16 00:27:43.586398 IP 192.168.1.102.49834 > 104.244.74.13.443: Flags [.], ack 2331, win 257, length 0
    [encrypted TLS payload dumps omitted]