New Chinese Clickfraud Malware Sample uninstall_20160329.exe Baidu Traffic Analysis PCAP Download

Attached PCAP: uninstall (457 KB), added October 23, 2016.

Chinese Clickfraud Malware Sample

The listing below is tcpdump output (with ASCII payload printing) taken from the infected host 192.168.1.102 while the sample ran. The host first downloads uninstall_20160329.exe from update.xunyou.com and then xunyou_2014.exe from download.xunyou.com, both served by 203.130.54.225. It then requests http://www.xunyou.com/client/2013/0.shtml from 125.90.58.132 and, with that page as the Referer, starts sending hm.gif beacons to hm.baidu.com (220.181.7.190), the collection endpoint of Baidu's Tongji web analytics. Each beacon carries ep=%7Bid%3Acar2%2CeventType%3Aclick%7D, which decodes to {id:car2,eventType:click}, a Tongji custom event of type click for site id si=5ff93f4cdf094cff65ecefcce99b28b8 and visitor cookie HMACCOUNT=12C1DAF132D9823A. The beacons repeat about four seconds apart with only the rnd cache-buster changing, so the sample is generating fake click events against that site's analytics. Note also the two different Internet Explorer User-Agent strings: MSIE 8.0 for the downloads and MSIE 7.0 for the page and beacon requests.

2016-10-23 01:01:43.503345 IP 192.168.1.102.58777 > 203.130.54.225.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /xunyou2014/uninstall_20160329.exe HTTP/1.1
GET /xunyou2014/uninstall_20160329.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: update.xunyou.com
Connection: Keep-Alive

2016-10-23 01:03:18.297533 IP 192.168.1.102.58788 > 203.130.54.225.80: Flags [P.], seq 0:98, ack 1, win 256, length 98: HTTP: GET /xunyouclient/xunyou_2014.exe HTTP/1.1
GET /xunyouclient/xunyou_2014.exe HTTP/1.1
Host: download.xunyou.com
Cache-Control: no-cache

2016-10-23 01:03:18.773535 IP 192.168.1.102.58788 > 203.130.54.225.80: Flags [.], ack 1183, win 252, length 0
2016-10-23 01:03:18.812841 IP 192.168.1.102.58788 > 203.130.54.225.80: Flags [.], ack 3327, win 256, length 0

2016-10-23 01:03:56.883908 IP 192.168.1.102.58792 > 125.90.58.132.80: Flags [P.], seq 0:296, ack 1, win 256, length 296: HTTP: GET /client/2013/0.shtml HTTP/1.1
GET /client/2013/0.shtml HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: www.xunyou.com
Connection: Keep-Alive

2016-10-23 01:05:11.169475 IP 192.168.1.102.58796 > 220.181.7.190.80: Flags [P.], seq 8722:9202, ack 23351, win 253, length 480: HTTP: GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=476161363&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=476161363&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
Accept: */*
Referer: http://www.xunyou.com/client/2013/0.shtml
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=12C1DAF132D9823A

2016-10-23 01:05:15.167400 IP 192.168.1.102.58796 > 220.181.7.190.80: Flags [P.], seq 9202:9683, ack 23607, win 258, length 481: HTTP: GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=2063441508&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=2063441508&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
Accept: */*
Referer: http://www.xunyou.com/client/2013/0.shtml
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=12C1DAF132D9823A
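
As an added example (not code from the original post), the Python script below turns a capture like the one above into a detection: it parses tcpdump packet-summary lines and the HTTP header lines under them, keeps the hm.gif requests to hm.baidu.com, percent-decodes the ep parameter to find eventType:click, and groups the click events by source host, Tongji site id (si) and HMACCOUNT cookie, reporting how many clicks arrived, how close together, and how many distinct rnd values were used. The embedded sample capture is constructed from the three requests shown above (headers trimmed to the ones the script reads); the parser ignores any line that is neither a packet summary nor a "Name: value" header, so the raw payload-byte lines that tcpdump -A prints can be left in.

```python
"""Flag Baidu Tongji (hm.gif) click-event beacons in tcpdump-style HTTP capture text.

Added example, not code from the original post. SAMPLE_CAPTURE is constructed from
the requests shown on this page, with headers trimmed to those used here.
"""
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

SAMPLE_CAPTURE = """\
2016-10-23 01:03:56.883908 IP 192.168.1.102.58792 > 125.90.58.132.80: Flags [P.], seq 0:296, ack 1, win 256, length 296: HTTP: GET /client/2013/0.shtml HTTP/1.1
Host: www.xunyou.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

2016-10-23 01:05:11.169475 IP 192.168.1.102.58796 > 220.181.7.190.80: Flags [P.], seq 8722:9202, ack 23351, win 253, length 480: HTTP: GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=476161363&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
Referer: http://www.xunyou.com/client/2013/0.shtml
Host: hm.baidu.com
Cookie: HMACCOUNT=12C1DAF132D9823A

2016-10-23 01:05:15.167400 IP 192.168.1.102.58796 > 220.181.7.190.80: Flags [P.], seq 9202:9683, ack 23607, win 258, length 481: HTTP: GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1920x1080&ep=%7Bid%3Acar2%2CeventType%3Aclick%7D&et=1&fl=11.3&ja=1&ln=en-us&lo=0&nv=1&rnd=2063441508&si=5ff93f4cdf094cff65ecefcce99b28b8&st=1&v=1.1.29&lv=1 HTTP/1.1
Referer: http://www.xunyou.com/client/2013/0.shtml
Host: hm.baidu.com
Cookie: HMACCOUNT=12C1DAF132D9823A
"""

PACKET_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ IP ")
SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): .*HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]$"
)
HEADER_RE = re.compile(r"^([\w-]+): (.*)$")


def parse_requests(capture_text):
    """Return one dict per HTTP request: tcpdump summary fields plus lower-cased headers."""
    requests, current = [], None
    for line in capture_text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            current = m.groupdict()
            current["ts"] = datetime.strptime(current["ts"], "%Y-%m-%d %H:%M:%S.%f")
            current["headers"] = {}
            requests.append(current)
        elif PACKET_RE.match(line) or not line.strip():
            current = None  # bare ACK / non-HTTP packet, or the end of a header block
        elif current is not None:
            h = HEADER_RE.match(line)  # raw payload-byte lines never match this
            if h:
                current["headers"][h.group(1).lower()] = h.group(2)
    return requests


def cookie_value(cookie_header, name):
    """Pull one cookie out of a Cookie: header value (None when absent)."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def find_click_beacons(requests):
    """Keep hm.gif requests to hm.baidu.com whose ep parameter reports a click event."""
    found = []
    for r in requests:
        if r["headers"].get("host", "").lower() != "hm.baidu.com":
            continue
        url = urlsplit(r["path"])
        if url.path != "/hm.gif":
            continue
        q = parse_qs(url.query)  # percent-decodes, so ep becomes {id:car2,eventType:click}
        ep = q.get("ep", [""])[0]
        if "eventType:click" not in ep:
            continue
        found.append({"ts": r["ts"], "src": r["src"], "sport": int(r["sport"]),
                      "si": q.get("si", [""])[0], "rnd": q.get("rnd", [""])[0], "ep": ep,
                      "referer": r["headers"].get("referer"),
                      "hmaccount": cookie_value(r["headers"].get("cookie", ""), "HMACCOUNT")})
    return found


def summarize_beacons(beacons):
    """Group click beacons by (source host, Tongji site id, HMACCOUNT visitor cookie).

    Repeated clicks from one visitor id with one ep payload and one Referer, seconds
    apart, with only rnd changing, is the pattern to alert on.
    """
    groups = {}
    for b in beacons:
        groups.setdefault((b["src"], b["si"], b["hmaccount"]), []).append(b)
    summary = {}
    for key, items in groups.items():
        items.sort(key=lambda b: b["ts"])
        gaps = [(later["ts"] - earlier["ts"]).total_seconds()
                for earlier, later in zip(items, items[1:])]
        summary[key] = {"clicks": len(items),
                        "distinct_rnd": len({b["rnd"] for b in items}),
                        "distinct_ep": len({b["ep"] for b in items}),
                        "min_gap_s": min(gaps) if gaps else None,
                        "referers": sorted({b["referer"] for b in items if b["referer"]})}
    return summary


if __name__ == "__main__":
    report = summarize_beacons(find_click_beacons(parse_requests(SAMPLE_CAPTURE)))
    for (src, si, hmaccount), stats in report.items():
        print(f"{src} si={si} HMACCOUNT={hmaccount}: {stats}")
```

On the sample the script reports one group (192.168.1.102, si=5ff93f4cdf094cff65ecefcce99b28b8, HMACCOUNT=12C1DAF132D9823A) with two clicks about 4.0 seconds apart, two distinct rnd values and a single ep payload and Referer. For the attached pcap, feed it the full tcpdump -A text; on a busy network, gating on the HMACCOUNT/si pair rather than on the source host alone keeps one fraudulent visitor id from being hidden inside legitimate traffic to the same site.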
