speedupmypc.exe Speed Up My PC PUP Adware Riskware Bundler PCAP File Download Traffic Sample

SHA256: fd399751ceb5ed4c25d690f2f10aabeb4dfad6341714029c24748df0481963f0
File name: speedupmypc.exe
Detection ratio: 15 / 56
Analysis date: 2016-11-16 04:24:21 UTC ( 0 minutes ago )
AVG PCSB.C 20161116
AVware Trojan.Win32.Generic!BT 20161116
AegisLab W32.Application.Uniblue!c 20161116
DrWeb Program.Unwanted.1514 20161116
ESET-NOD32 Win32/SpeedUpMyPC.A potentially unwanted 20161116
Fortinet Riskware/SpeedUpMyPC 20161116
GData Win32.Application.Uniblue.A 20161116
Ikarus PUA.Uniblue 20161115
Invincea virus.win32.sality.at 20161018
K7AntiVirus Adware ( 004bb0441 ) 20161115
K7GW Adware ( 004bb0441 ) 20161116
Malwarebytes PUP.Optional.Uniblue 20161116
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.tc 20161116
SUPERAntiSpyware PUP.SpeedUpMyPC/Variant 20161116
VIPRE Trojan.Win32.Generic!BT 20161116

2016-11-15 18:43:07.173960 IP 192.168.1.102.52775 > 107.20.189.243.80: Flags [P.], seq 0:342, ack 1, win 256, length 342: HTTP: GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: download.uniblue.com
Connection: Keep-Alive

2016-11-15 18:43:07.211074 IP 192.168.1.102.63208 > 75.75.75.75.53: 51033+ A? files.uniblue.com. (35)

2016-11-15 18:43:07.268182 IP 192.168.1.102.52776 > 52.216.1.203.80: Flags [P.], seq 0:461, ack 1, win 257, length 461: HTTP: GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
GET /cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: files.uniblue.com
Connection: Keep-Alive
Range: bytes=451813-
Unless-Modified-Since: Tue, 19 Jul 2016 16:26:19 GMT
If-Range: "3f2ec3ba48632a2368c774747fb9ad58"


2016-11-15 18:43:10.845116 IP 192.168.1.102.52777 > 23.52.85.163.80: Flags [P.], seq 0:173, ack 1, win 256, length 173: HTTP: GET /sf.crl HTTP/1.1
GET /sf.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: sf.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2016-11-15 18:43:10.868334 IP 192.168.1.102.52777 > 23.52.85.163.80: Flags [.], ack 2921, win 256, length 0

2016-11-15 18:43:15.554941 IP 192.168.1.102.52778 > 54.247.81.186.80: Flags [P.], seq 0:410, ack 1, win 256, length 410: HTTP: POST /v1/collect HTTP/1.1
POST /v1/collect HTTP/1.1
Content-Type: application/json
Content-Length: 192
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: tracking.uniblue.com
Connection: Keep-Alive

{"recipient":"uniblue.sp-6_0_15_0.web","client_id":"","event":"prod.sp.mypcbackup_offer_included.cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe","buildtest_id":"","unit_id":"740"}
2016-11-15 18:43:15.593326 IP 192.168.1.102.52780 > 54.247.81.186.80: Flags [S], seq 1602288928, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

2016-11-15 18:43:42.475266 IP 192.168.1.102.52780 > 54.247.81.186.80: Flags [P.], seq 1208:1630, ack 526, win 254, length 422: HTTP: POST /v1/collect HTTP/1.1
POST /v1/collect HTTP/1.1
Content-Type: application/json
Content-Length: 204
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: tracking.uniblue.com
Connection: Keep-Alive

{"recipient":"uniblue.sp-6_0_15_0.web","client_id":"","event":"prod.sp.install_standalone_download_completed.cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe","buildtest_id":"","unit_id":"740"}
2016-11-15 18:43:42.672871 IP 192.168.1.102.52780 > 54.247.81.186.80: Flags [.], ack 701, win 253, length 0

2016-11-15 18:43:48.292481 IP 192.168.1.102.52787 > 176.34.230.166.80: Flags [P.], seq 0:408, ack 1, win 256, length 408: HTTP: POST /v1/collect HTTP/1.1
POST /v1/collect HTTP/1.1
Content-Type: application/json
Content-Length: 190
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: tracking.uniblue.com
Connection: Keep-Alive

{"recipient":"uniblue.sp-6_0_15_0.standalone","client_id":"","event":"prod.sp.install_launched.cm/afterdownload/speedupmypc/uk-mpu-1/setup/speedupmypc.exe","buildtest_id":"","unit_id":"740"}
2016-11-15 18:43:48.509108 IP 192.168.1.102.52787 > 176.34.230.166.80: Flags [.], ack 176, win 255, length 0

2016-11-15 18:43:49.461154 IP 192.168.1.102.52786 > 176.34.230.166.80: Flags [P.], seq 0:419, ack 1, win 256, length 419: HTTP: POST /v1/collect HTTP/1.1
POST /v1/collect HTTP/1.1
Content-Type: application/json
Content-Length: 201
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: tracking.uniblue.com
Connection: Keep-Alive