Zegost/Bjlog 43.252.163.135.8086 www.5173book.com Malware Crimeware PCAP file download Traffic Sample Analysis

Download Attachments

  • 1 pcap he
    Date added: May 21, 2017 9:04 pm Added by: admin File size: 213 KB Downloads: 66
SHA256: 745e0a1c522ac9b91ea00198dc89373da7bdb032c56096ba5c3aebc13ad52ad7
File name: he.exe
Detection ratio: 60 / 61
Analysis date: 2017-05-21 20:59:17 UTC
Ad-Aware Gen:Variant.Zegost.2 20170521
AegisLab Troj.PSW32.W.Bjlog.kZLs 20170521
AhnLab-V3 Trojan/Win32.Bjlog.R2244 20170521
ALYac Gen:Variant.Zegost.2 20170520
Antiy-AVL Trojan[PSW]/Win32.Bjlog.dtwr 20170521
Arcabit Trojan.Zegost.2 20170521
Avast Win32:Zegost-C [Trj] 20170521
AVG Agent_r.AIO 20170521
Avira (no cloud) TR/PSW.Bjlog.lfzb 20170521
AVware Trojan.Win32.Generic.pak!cobra 20170521
Baidu Win32.Backdoor.Zegost.b 20170503
BitDefender Gen:Variant.Zegost.2 20170521
Bkav W32.ZegostQKB.Trojan 20170520
CAT-QuickHeal TrojanDropper.Zegost.C5 20170520
ClamAV Win.Spyware.78740-1 20170521
CMC Trojan-PSW.Win32.Bjlog!O 20170521
Comodo Backdoor.Win32.Zegost.B 20170521
2017-05-21 15:47:58.953388 IP 192.168.1.102.55351 > 192.168.1.100.55555: Flags [P.], seq 1:400, ack 1, win 2053, length 399
E…..@…m@…f…d.7….+..n..P….i..GET /he.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: 192.168.1.100:55555
Connection: Keep-Alive

2017-05-21 15:47:58.953406 IP 192.168.1.100.55555 > 192.168.1.102.55351: Flags [.], ack 400, win 237, length 0
E..(.X@.@..\…d…f…7.n….,.P….5..
2017-05-21 15:47:58.953674 IP 192.168.1.100.55555 > 192.168.1.102.55351: Flags [.], seq 1:2921, ack 400, win 237, length 2920
E….Y@.@……d…f…7.n….,.P…….HTTP/1.1 200 OK
Date: Sun, 21 May 2017 19:47:58 GMT
Server: Apache/2.4.18 (Debian)
Last-Modified: Sun, 21 May 2017 19:47:36 GMT
ETag: "331e8-5500e06c39ad1"
Accept-Ranges: bytes
Content-Length: 209384
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program

2017-05-21 15:48:21.851176 IP 192.168.1.102.55771 > 75.75.75.75.53: 45666+ A? www.5173book.com. (34)
E..>”……p…fKKKK…5.*…b………..www.5173book.com…..
2017-05-21 15:48:21.912078 IP 192.168.1.102.55772 > 75.75.75.75.53: 14531+ A? conf.f.360.cn. (31)
E..;”……r…fKKKK…5.’..8…………conf.f.360.cn…..
2017-05-21 15:48:22.172662 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….s…f+….8…1…….. .U……………
2017-05-21 15:48:22.941885 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….r…f+….8…1…….. .U……………
2017-05-21 15:48:23.712863 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@….u…f+….8…1……p. .i………..
2017-05-21 15:48:24.462699 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….p…f+….9..g……… ……………..
2017-05-21 15:48:25.232407 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….o…f+….9..g……… ……………..
2017-05-21 15:48:26.018872 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@….r…f+….9..g…….p. ………….
2017-05-21 15:48:26.768121 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….m…f+….:…+…….. .f……………
2017-05-21 15:48:27.522776 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@….l…f+….:…+…….. .f……………
2017-05-21 15:48:28.271503 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@….o…f+….:…+……p. .z………..