Mikey Trojan Downloader Dropper Pay-per-Install Malware PCAP file download traffic sample

Download Attachments

  • 1 pcap 75556
    Date added: October 28, 2016 12:38 am Added by: admin File size: 29 KB Downloads: 61
SHA256: e7e729e9d23aeac5ff826c5d3389f5c1cc2982d3d43168e2f5af705709db47da
File name: chaojibiajiqiv2.3@152_75556.exe
Detection ratio: 40 / 56
Analysis date: 2016-10-28 00:36:35 UTC
AVG Generic37.CELZ 20161028
AVware Trojan.Win32.Generic!BT 20161027
Ad-Aware Gen:Variant.Application.Mikey.34859 20161027
AegisLab Adware.W32.Agent!c 20161027
AhnLab-V3 PUP/Win32.Installer.R185010 20161027
Antiy-AVL Trojan/Win32.PackedNsisMod.o 20161027
Arcabit Trojan.Application.Mikey.D882B 20161027
Avast Win32:Malware-gen 20161027
BitDefender Gen:Variant.Application.Mikey.34859 20161027
CAT-QuickHeal Heur.Downloader 20161027
ClamAV Win.Trojan.Agent-1726718 20161027
Comodo Application.Win32.NSISmod.~O 20161027
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Mikey.U.gen!Eldorado 20161028
DrWeb Trojan.Winlock.13291 20161028
ESET-NOD32 a variant of Win32/Packed.NSISmod.O suspicious 20161028
F-Prot W32/Mikey.U.gen!Eldorado 20161028
F-Secure Gen:Variant.Application.Mikey 20161027

2016-10-27 20:02:12.246829 IP 192.168.1.102.55908 > 58.218.211.172.80: Flags [P.], seq 0:331, ack 1, win 256, length 331: HTTP: GET /cx/160624/6/chaojibiajiqiv2.3@152_75556.exe HTTP/1.1
GET /cx/160624/6/chaojibiajiqiv2.3@152_75556.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 1476675136.xiazaidown.com
Connection: Keep-Alive

2016-10-27 20:02:12.520022 IP 192.168.1.102.55908 > 58.218.211.172.80: Flags [.], ack 2921, win 256, length 0
2016-10-27 20:02:18.180458 IP 192.168.1.102.55909 > 23.211.124.10.80: Flags [P.], seq 0:180, ack 1, win 256, length 180: HTTP: GET /sfsca.crl HTTP/1.1
GET /sfsca.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.startssl.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2016-10-27 20:02:23.775509 IP 192.168.1.102.55911 > 121.43.96.6.80: Flags [P.], seq 0:195, ack 1, win 256, length 195: HTTP: GET /api.php?id=75556[1]&qid=152&rand=52229065361&title=chaojibiajiqiv2.3&t=0 HTTP/1.1
GET /api.php?id=75556[1]&qid=152&rand=52229065361&title=chaojibiajiqiv2.3&t=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: down.xiald.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-27 20:02:24.024704 IP 192.168.1.102.65084 > 75.75.75.75.53: 10900+ A? dx.crsky.com. (30)
2016-10-27 20:02:24.067741 IP 192.168.1.102.55911 > 121.43.96.6.80: Flags [.], ack 450, win 254, length 0

2016-10-27 20:02:24.570285 IP 192.168.1.102.55912 > 125.90.88.86.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dx.crsky.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-27 20:02:24.827194 IP 192.168.1.102.55912 > 125.90.88.86.80: Flags [.], ack 1594, win 256, length 0
2016-10-27 20:02:24.828263 IP 192.168.1.102.55912 > 125.90.88.86.80: Flags [F.], seq 154, ack 1594, win 256, length 0
2016-10-27 20:02:24.844407 IP 192.168.1.102.55911 > 121.43.96.6.80: Flags [P.], seq 195:390, ack 450, win 254, length 195: HTTP: GET /api.php?id=75556[1]&qid=152&rand=52229065361&title=chaojibiajiqiv2.3&t=0 HTTP/1.1
GET /api.php?id=75556[1]&qid=152&rand=52229065361&title=chaojibiajiqiv2.3&t=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: down.xiald.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-27 20:02:31.678975 IP 192.168.1.102.55916 > 125.90.88.86.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dx.crsky.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-27 20:02:31.878776 IP 192.168.1.102.55916 > 125.90.88.86.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
GET /tools/yinsu_api.aspx?softid=75556 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dx.crsky.com
Connection: Keep-Alive
Cache-Control: no-cache
