Fareit Symmi Malware Trojan Download Document PDF.exe PCAP file download traffic sample nwheilcopters.com


SHA256: f32608f94f3701e153e769645ff6525e241cedbc5e27f6d1553d386dde0a048c
File name: DUCUMENT-3839274322-pdf.exe
Detection ratio: 45 / 58
Analysis date: 2017-06-06 01:11:22 UTC
Engine | Result | Engine signature update (YYYYMMDD)
Ad-Aware Gen:Variant.Symmi.68723 20170605
AegisLab Troj.Psw.W32.Fareit!c 20170605
AhnLab-V3 Win-Trojan/VBKrypt.RP 20170605
ALYac Gen:Variant.Symmi.68723 20170605
Antiy-AVL Trojan[PSW]/Win32.Fareit 20170605
Arcabit Trojan.Symmi.D10C73 20170605
Avast Win32:Malware-gen 20170606
AVG Generic_vb.PMG 20170605
Avira (no cloud) TR/Dropper.VB.spuhf 20170605
AVware Trojan.Win32.Generic!BT 20170606
BitDefender Gen:Variant.Symmi.68723 20170606
CAT-QuickHeal Trojan.Dynamer 20170605
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/VBInject.JS.gen!Eldorado 20170606
Emsisoft Gen:Variant.Symmi.68723 (B) 20170606
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Injector.DOVE 20170606
F-Prot W32/VBInject.JS.gen!Eldorado 20170606
F-Secure Gen:Variant.Symmi.68723 20170606

2017-06-05 17:47:35.334150 IP 192.168.1.102.63867 > 108.170.51.58.80: Flags [P.], seq 0:423, ack 1, win 256, length 423: HTTP: GET /pdff/DUCUMENT-3839274322-pdf.exe HTTP/1.1
GET /pdff/DUCUMENT-3839274322-pdf.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: nwheilcopters.com
Connection: Keep-Alive

2017-06-05 17:49:01.682221 IP 192.168.1.102.54601 > 40.77.229.75.443: Flags [P.], seq 1854863488:1854863605, ack 1794521671, win 257, length 117
2017-06-05 17:49:01.836809 IP 192.168.1.102.54601 > 40.77.229.75.443: Flags [.], ack 150, win 256, length 0