Download Attachments
| SHA256: | 408e5e7d86d222882eab6a3f5cc71ccd9c2d98c74a6b321c761b7ef6f82c88ba |
| File name: | read.php?f=0.dat.1 |
| Detection ratio: | 22 / 55 |
| Analysis date: | 2017-01-21 23:05:38 UTC ( 0 minutes ago ) |
| aspersky | HEUR:Trojan.Win32.Generic | 20170120 |
| Malwarebytes | Trojan.MalPack.VB | 20170120 |
| McAfee | PWSZbot-FHN | 20170120 |
| McAfee-GW-Edition | BehavesLike.Win32.Worm.tt | 20170120 |
| eScan | Trojan.GenericKD.4185884 | 20170120 |
| Microsoft | Trojan:Win32/Dynamer!ac | 20170120 |
| Panda | Trj/GdSda.A | 20170120 |
| Qihoo-360 | HEUR/QVM03.0.A425.Malware.Gen | 20170121 |
| Sophos | Troj/Zbot-LPS | 20170120 |
| Symantec | ML.Relationship.HighConfidence [Infostealer.Limitail] | 20170120 |
| Tencent | Win32.Trojan.Generic.Swba | 20170121 |
| TrendMicro | TSPY_INFOSTEAL.RRG | 20170121 |
| TrendMicro-HouseCall | TSPY_INFOSTEAL.RRG | 20170121 |
| VIPRE | Trojan.Win32.Generic!BT | 20170121 |
| ViRobot | Trojan.Win32.Infostealer.1854296[h] | 20170121 |
| Yandex | Trojan.Injector!fxtPd0Ocb/U | 20170120 |
2017-01-21 01:34:57.576124 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..M3.@….U…fT.”c…Pa..F..3.P…….GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aloepolera.top
Connection: Keep-Alive
2017-01-21 01:35:24.493431 IP 192.168.1.102.61133 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG$………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:25.478850 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG%………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.479008 IP 192.168.1.102.61135 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG&………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.493504 IP 192.168.1.102.61133 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……h…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.782549 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [S], seq 4173774261, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.D@……..f6.’….P………. ……………..
2017-01-21 01:35:26.811246 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 3223055681, win 256, length 0
E..(.E@……..f6.’….P…….AP…e………
2017-01-21 01:35:26.812435 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E….F@….v…f6.’….P…….AP…2…POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close
2017-01-21 01:35:27.478619 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……g…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:27.946618 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 112, win 256, length 0
E..(.H@……..f6.’….P……..P…c………
2017-01-21 01:35:27.947809 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [F.], seq 260, ack 112, win 256, length 0
E..(.I@……..f6.’….P……..P…c………
2017-01-21 01:35:28.478763 IP 192.168.1.102.61135 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……f…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:28.776237 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [F.], seq 293, ack 274776, win 1180, length 0
E..(3.@……..fT.”c…Pa..k..dbP… 8……..
2017-01-21 01:35:29.478828 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG*………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:31.479076 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……d…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:32.245715 IP 192.168.1.102.61136 > 75.75.75.75.53: 60353+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG,………fKKKK…5.4Q…………..mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:32.265343 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [S], seq 1829708398, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4x.@……..fB……Pm.”n…… ..T…………..
2017-01-21 01:35:32.316926 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [.], ack 1944042060, win 256, length 0
E..(x.@…. …fB……Pm.”os..LP…/………
2017-01-21 01:35:32.317860 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E…x.@……..fB……Pm.”os..LP…….POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close