| SHA256: | 3bdf2bac5602f1ba204ca4d40ca223a8f26c016b95c7f6bc840f60ec25a864f1 |
| File name: | 1224.exe |
| Detection ratio: | 45 / 57 |
| Analysis date: | 2017-01-16 07:02:05 UTC ( 0 minutes ago ) |
| AhnLab-V3 | Trojan/Win32.Cerber.R193005 | 20170116 |
| Arcabit | Trojan.Generic.D3EED17 | 20170116 |
| Avast | Win32:Malware-gen | 20170116 |
| Avira (no cloud) | TR/Injector.cktso | 20170115 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9997 | 20170113 |
| BitDefender | Trojan.GenericKD.4123927 | 20170116 |
| CAT-QuickHeal | Trojan.Inject | 20170116 |
| ClamAV | Win.Trojan.Agent-5485292-0 | 20170116 |
| Comodo | UnclassifiedMalware | 20170116 |
| CrowdStrike Falcon (ML) | malicious_confidence_83% (W) | 20161024 |
| Cyren | W32/Trojan.TCRK-3050 | 20170116 |
| DrWeb | Trojan.Encoder.7453 | 20170116 |
| ESET-NOD32 | a variant of Win32/Injector.DJKD | 20170116 |
| Emsisoft | Trojan.GenericKD.4123927 (B) | 20170116 |
| F-Secure | Trojan.Generic.20219229 | 20170116 |
| Fortinet | W32/Injector.DJKD!tr | 20170116 |
| GData | Trojan.GenericKD.4123927 | 20170116 |
2017-01-16 00:20:05.399538 IP 192.168.1.102.63361 > 216.250.121.64.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /new/1224.exe HTTP/1.1
E..Jqr@…s….f..y@…P.W0!k$7`P…a…GET /new/1224.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: wiredpetals.com
Connection: Keep-Alive
2017-01-16 00:21:02.186427 IP 192.168.1.102.61992 > 15.44.20.0.6892: UDP, length 25
E..5u……….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186490 IP 192.168.1.102.61992 > 15.44.20.1.6892: UDP, length 25
E..5:Q…..,…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186499 IP 192.168.1.102.61992 > 15.44.20.2.6892: UDP, length 25
E..5Rw………f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186593 IP 192.168.1.102.61992 > 15.44.20.3.6892: UDP, length 25
E..5……8l…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186603 IP 192.168.1.102.61992 > 15.44.20.4.6892: UDP, length 25
E..5&…../….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186717 IP 192.168.1.102.61992 > 15.44.20.5.6892: UDP, length 25
E..5j……u…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186725 IP 192.168.1.102.61992 > 15.44.20.6.6892: UDP, length 25
E..5……T….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186775 IP 192.168.1.102.61992 > 15.44.20.7.6892: UDP, length 25
E..5N)…..N…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186849 IP 192.168.1.102.61992 > 15.44.20.8.6892: UDP, length 25
E..5……9….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186858 IP 192.168.1.102.61992 > 15.44.20.9.6892: UDP, length 25
E..5S……….f.,. .(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186907 IP 192.168.1.102.61992 > 15.44.20.10.6892: UDP, length 25
E..5;……….f.,.
.(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206140 IP 192.168.1.102.61992 > 91.239.25.241.6892: UDP, length 25
E..567………f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206190 IP 192.168.1.102.61992 > 91.239.25.242.6892: UDP, length 25
E..5N……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206248 IP 192.168.1.102.61992 > 91.239.25.243.6892: UDP, length 25
E..5…….:…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206303 IP 192.168.1.102.61992 > 91.239.25.244.6892: UDP, length 25
E..5:……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206353 IP 192.168.1.102.61992 > 91.239.25.245.6892: UDP, length 25
E..5 ……(…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206356 IP 192.168.1.102.61992 > 91.239.25.246.6892: UDP, length 25
E..5!……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206406 IP 192.168.1.102.61992 > 91.239.25.247.6892: UDP, length 25
E..5bk…..X…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206477 IP 192.168.1.102.61992 > 91.239.25.248.6892: UDP, length 25
E..5………..f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206527 IP 192.168.1.102.61992 > 91.239.25.249.6892: UDP, length 25
E..5O……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206531 IP 192.168.1.102.61992 > 91.239.25.250.6892: UDP, length 25
E..57……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206603 IP 192.168.1.102.61992 > 91.239.25.251.6892: UDP, length 25
E..5lh…..W…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206654 IP 192.168.1.102.61992 > 91.239.25.252.6892: UDP, length 25
E..5c……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206657 IP 192.168.1.102.61992 > 91.239.25.253.6892: UDP, length 25
E..5 \…..a…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206721 IP 192.168.1.102.61992 > 91.239.25.254.6892: UDP, length 25
E..5.8………f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:04.198130 IP 192.168.1.102.61992 > 91.239.25.255.6892: UDP, length 25
E..5;……9…f[….(…!..9973e23bd78600889501000d0
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
