Download Attachments
| SHA256: | a15d9dd8f751b241d7171587719f50ed0f7ef57dd54b78e17bca4ee5a922c971 |
| File name: | raj.exe |
| Detection ratio: | 44 / 60 |
| Analysis date: | 2017-05-09 01:53:13 UTC ( 0 minutes ago ) |
| ALYac | Gen:Variant.Razy.169955 | 20170509 |
| Arcabit | Trojan.Generic.D4C215F | 20170509 |
| Avast | Win32:Malware-gen | 20170509 |
| AVG | Generic_r.SQM | 20170509 |
| Avira (no cloud) | TR/Crypt.ZPACK.lrzkx | 20170509 |
| AVware | Trojan.Win32.Injector.cdgy (v) | 20170508 |
| BitDefender | Trojan.GenericKD.4989279 | 20170509 |
| Bkav | HW32.Packed.9625 | 20170508 |
| CAT-QuickHeal | Trojan.Dynamer | 20170508 |
| ClamAV | Win.Trojan.Agent-6307522-0 | 20170508 |
| DrWeb | Trojan.Winlock.13915 | 20170508 |
| Emsisoft | Trojan.GenericKD.4989279 (B) | 20170508 |
| Endgame | malicious (high confidence) | 20170503 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.DGM | 20170509 |
| F-Secure | Trojan.GenericKD.4989279 | 20170508 |
| Fortinet | W32/Sennoma.ABK!tr | 20170508 |
| GData | Trojan.GenericKD.4989279 | 20170508 |
| Ikarus | Trojan-Downloader.Win32.Agent | 20170508 |
| Invincea | ransom.win32.crowti.a | 20170413 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20170508 |
| K7GW | Riskware ( 0040eff71 ) | 20170508 |
| Kaspersky | Trojan.Win32.Sennoma.abk | 20170508 |
| Malwarebytes | Backdoor.Bot | 20170509 |
| McAfee | Artemis!407B6C1AA288 | 20170509 |
| McAfee-GW-Edition | BehavesLike.Win32.Expiro.cc | 20170508 |
2017-05-08 19:49:29.759767 IP 192.168.1.102.54520 > 178.62.104.165.80: Flags [P.], seq 0:395, ack 1, win 256, length 395: HTTP: GET /raj.exe HTTP/1.1
E…<*@….(…f.>h….P…….|P…P[..GET /raj.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: 178.62.104.165
Connection: Keep-Alive
2017-05-08 19:49:35.480794 IP 192.168.1.102.54521 > 185.121.177.53.53: Flags [P.], seq 0:31, ack 1, win 256, length 3147940+ A? funchat.bit. (29)
E..G?&@……..f.y.5…5..I;.D..P….R…..D………..funchat.bit…..
2017-05-08 19:49:35.505692 IP 192.168.1.102.54521 > 185.121.177.53.53: Flags [F.], seq 31, ack 48, win 256, length 0
E..(?’@……..f.y.5…5..IZ.D.:P…#………
2017-05-08 19:49:40.776524 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1875535261, win 256, length 0
E..(>.@……..f..$y……..o.e.P…C………
2017-05-08 19:49:40.782055 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 0:104, ack 1, win 256, length 104
E…>.@……..f..$y……..o.e.P….|……c…_..Y………R….;…!.J2x..Wn..z…../.5…
….. .
.2.8…………………..
…………..
2017-05-08 19:49:40.935054 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1468, win 256, length 0
E..(>.@……..f..$y……..o.kXP…=………
2017-05-08 19:49:40.961149 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 104:238, ack 1468, win 256, length 134
E…>.@……..f..$y……..o.kXP….=……F…BA..m.D….;…n6.m……a S.J..)……..qC….K..Q..`.<(cl…?j..@……….0.)/..;U.J._…..f.l……L}o.`..fK..E..r.3.R. Y.
2017-05-08 19:49:41.113067 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1527, win 256, length 0
E..(>.@……..f..$y…….qo.k.P…<………
2017-05-08 19:49:41.117958 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 238:547, ack 1527, win 256, length 309
E..]>.@….J…f..$y…….qo.k.P………..0…`.D%.c.#%……..r;.:.W-..m..[~u…4….OE.r…..A..no1…..M..,c..)c/rq,…D…z..”_prp…`’……x..R…H6….)..v.4…..`…>.P/…t2……9g…..m…5.K…………]….O@zn.R……X..(3.y…A..S.L.-……3)..”;.[X1Qk…X:.5……..p…m..6..N&.+.,KU…s..(……:\i…G.u4…….-..y.(..2…,kV..
2017-05-08 19:49:41.419113 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 547:1608, ack 1527, win 256, length 1061
E..M>.@….Y…f..$y……..o.k.P….m…… …eZ…..4=..A..7C…V..Z1`xS….zO../k.UO…%._.k^.
.).fb.J…?..7….
.t ..S.).)…’).3.. …..B.-……..’.t.”…~..Q..T…..IC..X.o..\D..^….E.y……1Sab5..9….k\..]..qY.s….]..CH.3us.:HA`.l……|….#…D].u…F..d..”….^ ..)..f.x[.=…EvF…8.y.Yg..”.”Z’..K.k|u..SX……./n..(Tl.>5B..Q….J\D………K…U…=k/.5……oS..E.A
…m.ykj…-fg……wJ.[..& ..:..Z…..h.{e!G..z……Ny.==.u.0…….2.t…0.#-…..b.V.w……P5.EZ4I.!%..sVi.].r..n……XjP.,..a..[…..s….”..6H……..5+o .9…..>…. …E…(T1.0…l…..S…Y.”…a……\N…EjM2….ynN,…..*q………q{.
..(…Y.sHp…….kz………….a0.8.Mg…C,Di…..T…..`.~jS-…..W..l.Z….9.bF…..Py..n/….?..wy.1*.s.Vz$….6…..R…z.*..d.&T.|..b.%.T……..%.FB!a….^.
\_K..R….]A….\2Y…%.>.9 .T…MBR……#.rS.:……DJ.c….n……!….Ccl.3..YW….w… w.>.IP[…. B…_……..G6’BSF(…..gH.Q……..Id..).K..’w……..>1..:..?..)X……p..
:.j..p…..c.&….s.TA.~.3…*sa..2.&.”9..B..4.3……!….,..b..^*.U….VB…….
Bc….m_y..zt…T.”..?.e..g….V