0dat
Date added: January 21, 2017 11:14 pm
Added by: admin
File size: 11 KB
Downloads: 293
SHA256: 408e5e7d86d222882eab6a3f5cc71ccd9c2d98c74a6b321c761b7ef6f82c88ba
File name: read.php?f=0.dat.1
Detection ratio: 22 / 55
Analysis date: 2017-01-21 23:05:38 UTC (0 minutes ago)
Kaspersky | HEUR:Trojan.Win32.Generic | 20170120
Malwarebytes | Trojan.MalPack.VB | 20170120
McAfee | PWSZbot-FHN | 20170120
McAfee-GW-Edition | BehavesLike.Win32.Worm.tt | 20170120
eScan | Trojan.GenericKD.4185884 | 20170120
Microsoft | Trojan:Win32/Dynamer!ac | 20170120
Panda | Trj/GdSda.A | 20170120
Qihoo-360 | HEUR/QVM03.0.A425.Malware.Gen | 20170121
Sophos | Troj/Zbot-LPS | 20170120
Symantec | ML.Relationship.HighConfidence [Infostealer.Limitail] | 20170120
Tencent | Win32.Trojan.Generic.Swba | 20170121
TrendMicro | TSPY_INFOSTEAL.RRG | 20170121
TrendMicro-HouseCall | TSPY_INFOSTEAL.RRG | 20170121
VIPRE | Trojan.Win32.Generic!BT | 20170121
ViRobot | Trojan.Win32.Infostealer.1854296[h] | 20170121
Yandex | Trojan.Injector!fxtPd0Ocb/U | 20170120

2017-01-21 01:34:57.576124 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..M3.@….U…fT.”c…Pa..F..3.P…….GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aloepolera.top
Connection: Keep-Alive
2017-01-21 01:35:24.493431 IP 192.168.1.102.61133 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG$………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:25.478850 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG%………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.479008 IP 192.168.1.102.61135 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG&………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.493504 IP 192.168.1.102.61133 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……h…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:26.782549 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [S], seq 4173774261, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.D@……..f6.’….P………. ……………..
2017-01-21 01:35:26.811246 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 3223055681, win 256, length 0
E..(.E@……..f6.’….P…….AP…e………
2017-01-21 01:35:26.812435 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E….F@….v…f6.’….P…….AP…2…POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close
2017-01-21 01:35:27.478619 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……g…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:27.946618 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 112, win 256, length 0
E..(.H@……..f6.’….P……..P…c………
2017-01-21 01:35:27.947809 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [F.], seq 260, ack 112, win 256, length 0
E..(.I@……..f6.’….P……..P…c………
2017-01-21 01:35:28.478763 IP 192.168.1.102.61135 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……f…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:28.776237 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [F.], seq 293, ack 274776, win 1180, length 0
E..(3.@……..fT.”c…Pa..k..dbP… 8……..
2017-01-21 01:35:29.478828 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG*………fKKKK…5.4
.3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:31.479076 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0……d…fKKLL…5.4 .3…………mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:32.245715 IP 192.168.1.102.61136 > 75.75.75.75.53: 60353+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG,………fKKKK…5.4Q…………..mbfce24rgn65bx3g.er29sl.in…..
2017-01-21 01:35:32.265343 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [S], seq 1829708398, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4x.@……..fB……Pm.”n…… ..T…………..
2017-01-21 01:35:32.316926 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [.], ack 1944042060, win 256, length 0
E..(x.@…. …fB……Pm.”os..LP…/………
2017-01-21 01:35:32.317860 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E…x.@……..fB……Pm.”os..LP…….POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close