uninstall_20161023.exe Game Adware/PUP/Riskware Traffic Analysis PCAP file download sample

SHA256: 3b9ca6e423df2d8e57ceb74d7ef8b09fde239fbcb04c753254980b3c3d0a27a6
File name: uninstall_20161023.exe
Detection ratio: 23 / 56
Analysis date: 2016-10-26 22:34:40 UTC
Antivirus        Result                            Update (signature date, YYYYMMDD)
ALYac            Trojan.Generic.16842506           20161026
AVG              Win32/DH{JAMTCg?}                 20161026
AVware           Trojan.Win32.Generic!BT           20161026
Ad-Aware         Trojan.Generic.16842506           20161026
AegisLab         Virus.W32.Gen!c                   20161026
AhnLab-V3        PUP/Win32.Generic.C1589978        20161026
Arcabit          Trojan.Generic.D100FF0A           20161026
BitDefender      Trojan.Generic.16842506           20161026
Bkav             W32.Clod2fa.Trojan.dc95           20161026
CAT-QuickHeal    AdWare.Agent                      20161026
ClamAV           Win.Trojan.Agent-1394427          20161026

2016-10-26 00:10:54.248311 IP 192.168.1.102.61842 > 203.130.54.225.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /xunyou2014/uninstall_20161023.exe HTTP/1.1
E..a..@...!(...f..6....P~.t     #..jP.......GET /xunyou2014/uninstall_20161023.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: update.xunyou.com
Connection: Keep-Alive

2016-10-26 00:10:54.346017 IP 192.168.1.102.61842 > 203.130.54.225.80: Flags [.], ack 2921, win 256, length 0
E..(..@..."`...f..6....P~.uB#...P.............

E..(4e@........f{}.....P.=fD5^D.P....(........
2016-10-26 00:10:58.254798 IP 192.168.1.102.61843 > 123.125.161.216.80: Flags [P.], seq 0:144, ack 1, win 260, length 144: HTTP: GET /class3.code.ca.cer HTTP/1.1
E...4f@....u...f{}.....P.=fD5^D.P...?...GET /class3.code.ca.cer HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: aia.wosign.com
Connection: Keep-Alive

2016-10-26 00:11:14.657315 IP 192.168.1.102.61846 > 203.130.54.225.80: Flags [P.], seq 0:98, ack 1, win 256, length 98: HTTP: GET /xunyouclient/xunyou_2014.exe HTTP/1.1
E.....@...!....f..6....P...g.Ww.P.......GET /xunyouclient/xunyou_2014.exe HTTP/1.1
Host: download.xunyou.com
Cache-Control: no-cache


2016-10-26 00:12:37.477769 IP 192.168.1.102.61870 > 203.130.54.225.80: Flags [P.], seq 498:747, ack 659360, win 1870, length 249: HTTP: GET /xunyou2014/gameconfig.txt HTTP/1.1
E..!'.@....7...f..6....Pt....74.P..N....GET /xunyou2014/gameconfig.txt HTTP/1.1
Accept: Accept:*/*
Host: update.xunyou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: Hm_lvt_97262a2af2a6d8e28d19da388fb2c24b=1477455043; Hm_lvt_5ff93f4cdf094cff65ecefcce99b28b8=1477455044

2016-10-26 00:12:37.924438 IP 192.168.1.102.61869 > 183.2.219.200.80: Flags [P.], seq 477:592, ack 24079, win 256, length 115: HTTP: GET /images/games/600.jpg HTTP/1.1
E..., @...yc...f.......P.Aw.'.&oP...R<..GET /images/games/600.jpg HTTP/1.1
User-Agent: WinHttpPostSample
Host: www.xunyou.com
Connection: Keep-Alive