https://www.microsoft.com/en-us/security/portal/threat/encyclopedia/Entry.aspx?Name=PUA%3AWin32%2FBindex&bc7d4b87-6a70-4399-aa61-382cf282dd03=True
https://www.hybrid-analysis.com/sample/61833b3ff749d8582a6b23c7b40cc7129d1fd934223527a0dd29ff2964b796d3?environmentId=4

2016-10-23 01:06:22.123126 IP 192.168.1.102.58823 > 61.160.210.226.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /cx/160624/6/@19_424481.exe HTTP/1.1
E..bb.@….`…f=……P……..P…G…GET /cx/160624/6/@19_424481.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 1476976839.xiazaidown.com
Connection: Keep-Alive

2016-10-23 01:06:34.242727 IP 192.168.1.102.58826 > 121.41.10.159.80: Flags [P.], seq 0:178, ack 1, win 256, length 178: HTTP: GET /api.php?id=424481[1]&qid=19&rand=52229065361&title=&t=0 HTTP/1.1
E…E.@…n….fy) ….P(..B..{.P…l…GET /api.php?id=424481[1]&qid=19&rand=52229065361&title=&t=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: down.xiald.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-23 01:06:34.572935 IP 192.168.1.102.58826 > 121.41.10.159.80: Flags [.], ack 456, win 254, length 0
E..(E.@…o4…fy) —
E..(]#@…&….f{g9B…P.&9.d.7.P….5……..

2016-10-23 […]