SHA256: 849aa2e275d84c05213f95f764331df0dd743b17b32f61174ac45946544f67eb
File name: sub.exe
Detection ratio: 16 / 55
Analysis date: 2017-01-24 02:42:52 UTC ( 0 minutes ago )

Avast                     Win32:Malware-gen                                20170124
Avira (no cloud)          TR/Crypt.Xpack.gsrsm                             20170123
CrowdStrike Falcon (ML)   malicious_confidence_76% (W)                     20161024
DrWeb                     Trojan.Encoder.5994                              20170124
ESET-NOD32                NSIS/Injector.SH                                 20170124
GData                     Win32.Trojan.Agent.XY7YM7                        20170124
Invincea                  ransom.win32.critroni.b                          20170111
Kaspersky                 Trojan-Ransom.Win32.Zerber.bghv                  20170124
Malwarebytes              Ransom.Cerber                                    20170124
McAfee                    Artemis!130678330541                             20170124
McAfee-GW-Edition         BehavesLike.Win32.ObfusRansom.fc                 20170124
Rising                    Trojan.Injector!8.C4-pKe2N6RHzqF (cloud)         20170124
Sophos                    Mal/Generic-S                                    20170124
Symantec                  ML.Attribute.VeryHighConfidence [Heur.AdvML.B]   20170123

2017-01-23 20:55:04.860000 IP 192.168.1.102.50480 > 162.214.17.204.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /wp-includes/images/wlw/sub.exe HTTP/1.1
E..b5.@…L….f…..0.P.M.`\.j\P….|..GET /wp-includes/images/wlw/sub.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
[…]