| SHA256: | 439f3181ca4d64c15041b0e011e5b1769f79e414b9ad78e26c42b39c2253b005 |
| File name: | shouhu.exe |
| Detection ratio: | 31 / 56 |
| Analysis date: | 2016-11-03 00:43:25 UTC ( 0 minutes ago ) |
| AegisLab | Troj.W32.Sasfis.lqzi | 20161102 |
| AhnLab-V3 | Malware/Win32.Generic.N2142312657 | 20161102 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20161103 |
| Arcabit | Trojan.Zusy.D313F0 | 20161103 |
| Avast | Win32:Malware-gen | 20161103 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9557 | 20161101 |
| BitDefender | Gen:Variant.Zusy.201712 | 20161103 |
| Bkav | W32.Clod32a.Trojan.2bca | 20161102 |
| Comodo | Worm.Win32.Dropper.RA | 20161102 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024 |
| Cyren | W32/Agent.EW.gen!Eldorado | 20161102 |
| Emsisoft | Gen:Variant.Zusy.201712 (B) | 20161102 |
| F-Prot | W32/Agent.EW.gen!Eldorado | 20161102 |
| F-Secure | Trojan:W32/DelfInject.R | 20161102 |
| Fortinet | Riskware/Qhost | 20161102 |
| GData | Gen:Variant.Zusy.201712 | 20161102 |
| Invincea | trojan.win32.startpage.agm | 20161018 |
2016-11-02 19:27:46.918199 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
E..a.6@…T….f*3…N.P.a.j..b.P…….GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 42.51.155.153
Connection: Keep-Alive
2016-11-02 19:27:47.170302 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [.], ack 2921, win 256, length 0
E..(.7@…U….f*3…N.P.a….n/P…@p……..
—
E..(.m@…T….f*3…O.P…1….P…J………
2016-11-02 19:28:21.110880 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
E….n@…R….f*3…O.P…1….P…….GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache
2016-11-02 19:28:21.419292 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 406, win 255, length 0
—
E..(.p@…T….f*3…N.P.a……P..,.P……..
2016-11-02 19:28:26.762109 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 434:868, ack 406, win 255, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E….q@…R….f*3…O.P…….bP…….GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache
2016-11-02 19:28:26.886586 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 407, win 255, length 0
—
E..(.u@…T….f*3…P.P.Z.I….P………….
2016-11-02 19:28:27.159415 IP 192.168.1.102.53072 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E….v@…R….f*3…P.P.Z.I….P…`)..GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
