UpdateCheckerSetup.exe FileBulldog Somoto PUP Trojan Bundler Traffic Sample PCAP file download

SHA256: 2fe31207fa8084ecbfc453d068a69c51b8de54b89425cdca061eb71d9b5d82b8
File name: UpdateCheckerSetup.exe
Detection ratio: 35 / 55
Analysis date: 2016-10-26 23:00:53 UTC

Antivirus       Result                                Update
AVG             Skodna.Generic_c.NY                   20161026
AVware          BetterInstaller (fs)                  20161026
Ad-Aware        Application.Bundler.Somoto.AI         20161026
AegisLab        Troj.Downloader.W32!c                 20161026
AhnLab-V3       Win-PUP/Somoto                        20161026
Antiy-AVL       Trojan/Generic.ASMalwNS.3575          20161026
Arcabit         Application.Bundler.Somoto.AI         20161026
Avast           Win32:Somoto-J [PUP]                  20161026
BitDefender     Application.Bundler.Somoto.AI         20161026
Bkav            W32.HfsAdware.71E9                    20161026
CAT-QuickHeal   PUA.Somotoltd.Gen                     20161026
Comodo          Application.Win32.Somoto.~GF          20161026

2016-10-25 22:58:23.409041 IP 192.168.1.102.60978 > 52.85.101.218.80: Flags [P.], seq 0:331, ack 1, win 256, length 331: HTTP: GET /mirror/filesfrog/UpdateCheckerSetup.exe HTTP/1.1
GET /mirror/filesfrog/UpdateCheckerSetup.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: d3co60ldp5uwaw.cloudfront.net
Connection: Keep-Alive

2016-10-25 22:58:30.889308 IP 192.168.1.102.60981 > 104.16.93.188.80: Flags [.], ack 2921, win 256, length 0

2016-10-25 22:58:50.885743 IP 192.168.1.102.60984 > 54.72.9.51.80: Flags [P.], seq 0:524, ack 1, win 64240, length 524: HTTP: GET /get_list?uid=b8a6f1be0e2df54799fee2996770f94e&muid=a86ddfa509f7815ce19ed4491d864bcd&user_interval=24&v=4.4.0&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgYzggZjIgNjYgM2YgMzUgNDYtM2MgMTQgODIgNDQgNTYgMTggNGEgOTEgIElOVEVMICAtIDYwNDAwMDA&c=0&affid=filesfrogvisible&manual=1&t=0 HTTP/1.1
GET /get_list?uid=b8a6f1be0e2df54799fee2996770f94e&muid=a86ddfa509f7815ce19ed4491d864bcd&user_interval=24&v=4.4.0&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgYzggZjIgNjYgM2YgMzUgNDYtM2MgMTQgODIgNDQgNTYgMTggNGEgOTEgIElOVEVMICAtIDYwNDAwMDA&c=0&affid=filesfrogvisible&manual=1&t=0 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: FileBulldog 4.0
Host: check.frogupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
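The second request above is the bundler's check-in to check.frogupdate.com, and its v1 parameter is worth decoding. It is base64 with the trailing padding dropped; decoded, it is a two-line fixed-width table with the columns SerialNumber and Version, the same layout (including the \r\r\n line ending) that wmic bios get serialnumber,version prints, and in this capture the serial begins with VMware-. In other words the client tells the server it is running in a virtual machine before the server answers the get_list request, which is the kind of fingerprint a sandbox-aware bundler uses. The Python below is an added example, not code from this page or from FileBulldog: it rebuilds the request from the capture above (constructed input), splits the query string without parse_qs (parse_qs would turn any + in the base64 into a space), restores the padding, parses the fixed-width table and flags hypervisor names. The function names and the HYPERVISOR_MARKERS list are my own assumptions.

```python
"""Decode the FileBulldog /get_list check-in shown in the capture above.

Added example, not code from the original page or from FileBulldog.
"""
import base64
import re
from urllib.parse import unquote, urlsplit

# Constructed input: the HTTP request text as it appears in the tcpdump output
# on this page (request line and headers copied verbatim).
GET_LIST_REQUEST = (
    "GET /get_list?uid=b8a6f1be0e2df54799fee2996770f94e&muid=a86ddfa509f7815ce19ed4491d864bcd&user_interval=24&v=4.4.0&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgYzggZjIgNjYgM2YgMzUgNDYtM2MgMTQgODIgNDQgNTYgMTggNGEgOTEgIElOVEVMICAtIDYwNDAwMDA&c=0&affid=filesfrogvisible&manual=1&t=0 HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: FileBulldog 4.0\r\n"
    "Host: check.frogupdate.com\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)

# Assumed list of substrings that give away a hypervisor in BIOS/SMBIOS fields.
HYPERVISOR_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "xen", "hyper-v",
                      "parallels", "bochs")


def parse_request(raw: str) -> dict:
    """Split an HTTP/1.x request into method, path, query parameters and headers."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = {}
    for pair in parts.query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        # unquote, not unquote_plus: a literal '+' here is base64 data, not a space
        params[unquote(key)] = unquote(value)
    return {"method": method, "path": parts.path, "params": params, "headers": headers}


def b64decode_unpadded(s: str) -> bytes:
    """Decode base64 whose trailing '=' padding was dropped, as in the v1 value."""
    s = s.strip().replace("-", "+").replace("_", "/")  # also accept the URL-safe alphabet
    return base64.b64decode(s + "=" * (-len(s) % 4))


def parse_wmic_table(text: str) -> dict:
    """Parse two-line fixed-width output ('Col1   Col2\\r\\r\\nval1   val2').

    Column boundaries are taken from where each header name starts, so values
    that themselves contain single spaces (the serial here) stay intact.
    """
    lines = [ln for ln in text.replace("\r", "").split("\n") if ln.strip()]
    header, row = lines[0], lines[1]
    offsets = [m.start() for m in re.finditer(r"\S+", header)]
    bounds = offsets + [max(len(header), len(row))]
    return {header[a:b].strip(): row[a:b].strip() for a, b in zip(bounds, bounds[1:])}


def fingerprint_checkin(raw: str) -> dict:
    """Return what the check-in leaks about the host plus a simple VM verdict."""
    req = parse_request(raw)
    bios = parse_wmic_table(b64decode_unpadded(req["params"]["v1"]).decode("ascii"))
    serial = bios.get("SerialNumber", "")
    return {
        "user_agent": req["headers"].get("user-agent"),
        "host": req["headers"].get("host"),
        "affid": req["params"].get("affid"),
        "bios_serial": serial,
        "bios_version": bios.get("Version", ""),
        "looks_virtual": any(m in serial.lower() for m in HYPERVISOR_MARKERS),
    }


if __name__ == "__main__":
    for key, value in fingerprint_checkin(GET_LIST_REQUEST).items():
        print(f"{key:13} {value!r}")
```

For detection purposes the stable parts of this request are the User-Agent "FileBulldog 4.0", the Host check.frogupdate.com and the /get_list path with the affid parameter; uid and muid are per-install hashes and should not be matched on. When replaying this sample in a VM, expect the server's answer to differ from what a real victim gets, because the VMware- serial is sent before the list is served.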