Download Attachments
| SHA256: | 439f3181ca4d64c15041b0e011e5b1769f79e414b9ad78e26c42b39c2253b005 |
| File name: | shouhu.exe |
| Detection ratio: | 31 / 56 |
| Analysis date: | 2016-11-03 00:43:25 UTC ( 0 minutes ago ) |
| AegisLab | Troj.W32.Sasfis.lqzi | 20161102 |
| AhnLab-V3 | Malware/Win32.Generic.N2142312657 | 20161102 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20161103 |
| Arcabit | Trojan.Zusy.D313F0 | 20161103 |
| Avast | Win32:Malware-gen | 20161103 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9557 | 20161101 |
| BitDefender | Gen:Variant.Zusy.201712 | 20161103 |
| Bkav | W32.Clod32a.Trojan.2bca | 20161102 |
| Comodo | Worm.Win32.Dropper.RA | 20161102 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024 |
| Cyren | W32/Agent.EW.gen!Eldorado | 20161102 |
| Emsisoft | Gen:Variant.Zusy.201712 (B) | 20161102 |
| F-Prot | W32/Agent.EW.gen!Eldorado | 20161102 |
| F-Secure | Trojan:W32/DelfInject.R | 20161102 |
| Fortinet | Riskware/Qhost | 20161102 |
| GData | Gen:Variant.Zusy.201712 | 20161102 |
| Invincea | trojan.win32.startpage.agm | 20161018 |
2016-11-02 19:27:46.918199 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
E..a.6@…T….f*3…N.P.a.j..b.P…….GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 42.51.155.153
Connection: Keep-Alive
2016-11-02 19:27:47.170302 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [.], ack 2921, win 256, length 0
E..(.7@…U….f*3…N.P.a….n/P…@p……..
—
E..(.m@…T….f*3…O.P…1….P…J………
2016-11-02 19:28:21.110880 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
E….n@…R….f*3…O.P…1….P…….GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache
2016-11-02 19:28:21.419292 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 406, win 255, length 0
—
E..(.p@…T….f*3…N.P.a……P..,.P……..
2016-11-02 19:28:26.762109 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 434:868, ack 406, win 255, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E….q@…R….f*3…O.P…….bP…….GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache
2016-11-02 19:28:26.886586 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 407, win 255, length 0
—
E..(.u@…T….f*3…P.P.Z.I….P………….
2016-11-02 19:28:27.159415 IP 192.168.1.102.53072 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E….v@…R….f*3…P.P.Z.I….P…`)..GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153