Attachment: he
Date added: May 21, 2017 9:04 pm
Added by: admin
File size: 213 KB
Downloads: 298
SHA256: 745e0a1c522ac9b91ea00198dc89373da7bdb032c56096ba5c3aebc13ad52ad7
File name: he.exe
Detection ratio: 60 / 61
Analysis date: 2017-05-21 20:59:17 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zegost.2 | 20170521
AegisLab | Troj.PSW32.W.Bjlog.kZLs | 20170521
AhnLab-V3 | Trojan/Win32.Bjlog.R2244 | 20170521
ALYac | Gen:Variant.Zegost.2 | 20170520
Antiy-AVL | Trojan[PSW]/Win32.Bjlog.dtwr | 20170521
Arcabit | Trojan.Zegost.2 | 20170521
Avast | Win32:Zegost-C [Trj] | 20170521
AVG | Agent_r.AIO | 20170521
Avira (no cloud) | TR/PSW.Bjlog.lfzb | 20170521
AVware | Trojan.Win32.Generic.pak!cobra | 20170521
Baidu | Win32.Backdoor.Zegost.b | 20170503
BitDefender | Gen:Variant.Zegost.2 | 20170521
Bkav | W32.ZegostQKB.Trojan | 20170520
CAT-QuickHeal | TrojanDropper.Zegost.C5 | 20170520
ClamAV | Win.Spyware.78740-1 | 20170521
CMC | Trojan-PSW.Win32.Bjlog!O | 20170521
Comodo | Backdoor.Win32.Zegost.B | 20170521
2017-05-21 15:47:58.953388 IP 192.168.1.102.55351 > 192.168.1.100.55555: Flags [P.], seq 1:400, ack 1, win 2053, length 399
E.....@...m@...f...d.7....+..n..P....i..GET /he.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: 192.168.1.100:55555
Connection: Keep-Alive
2017-05-21 15:47:58.953406 IP 192.168.1.100.55555 > 192.168.1.102.55351: Flags [.], ack 400, win 237, length 0
E..(.X@.@..\...d...f...7.n....,.P....5..
2017-05-21 15:47:58.953674 IP 192.168.1.100.55555 > 192.168.1.102.55351: Flags [.], seq 1:2921, ack 400, win 237, length 2920
E....Y@.@......d...f...7.n....,.P.......HTTP/1.1 200 OK
Date: Sun, 21 May 2017 19:47:58 GMT
Server: Apache/2.4.18 (Debian)
Last-Modified: Sun, 21 May 2017 19:47:36 GMT
ETag: "331e8-5500e06c39ad1"
Accept-Ranges: bytes
Content-Length: 209384
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
2017-05-21 15:48:21.851176 IP 192.168.1.102.55771 > 75.75.75.75.53: 45666+ A? www.5173book.com. (34)
E..>"......p...fKKKK...5.*...b...........www.5173book.com.....
2017-05-21 15:48:21.912078 IP 192.168.1.102.55772 > 75.75.75.75.53: 14531+ A? conf.f.360.cn. (31)
E..;"......r...fKKKK...5.'..8............conf.f.360.cn.....
2017-05-21 15:48:22.172662 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....s...f+....8...1........ .U...............
2017-05-21 15:48:22.941885 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....r...f+....8...1........ .U...............
2017-05-21 15:48:23.712863 IP 192.168.1.102.55352 > 43.252.163.135.8086: Flags [S], seq 3341920473, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@....u...f+....8...1......p. .i...........
2017-05-21 15:48:24.462699 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....p...f+....9..g......... .................
2017-05-21 15:48:25.232407 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....o...f+....9..g......... .................
2017-05-21 15:48:26.018872 IP 192.168.1.102.55353 > 43.252.163.135.8086: Flags [S], seq 1743823324, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@....r...f+....9..g.......p. .............
2017-05-21 15:48:26.768121 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....m...f+....:...+........ .f...............
2017-05-21 15:48:27.522776 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4j.@....l...f+....:...+........ .f...............
2017-05-21 15:48:28.271503 IP 192.168.1.102.55354 > 43.252.163.135.8086: Flags [S], seq 2200689634, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0j.@....o...f+....:...+......p. .z...........