Index of /publicDatasets/CTU-Malware-Capture-Botnet-65

[ICO]        Name                                       Last modified     Size  Description

[PARENTDIR]  Parent Directory                                             -
[   ]        2014-04-07_capture-win11.biargus           2017-01-16 20:27  656K
[   ]        2014-04-07_capture-win11.binetflow         2017-01-16 20:27  321K
[   ]        2014-04-07_capture-win11.capinfos          2015-08-29 16:10  760
[   ]        2014-04-07_capture-win11.dnstop            2015-08-29 16:10  7.0K
[TXT]        2014-04-07_capture-win11.html              2015-04-09 15:37  5.8M
[   ]        2014-04-07_capture-win11.json              2015-04-09 15:37  8.2M
[   ]        2014-04-07_capture-win11.passivedns        2015-08-29 16:10  31K
[   ]        2014-04-07_capture-win11.pcap              2014-04-06 09:48  35M
[   ]        2014-04-07_capture-win11.rrd               2014-04-07 11:02  8.0M
[   ]        2014-04-07_capture-win11.tcpdstat          2017-01-16 20:27  1.7K
[   ]        2014-04-07_capture-win11.uniargus          2017-01-16 20:27  6.9M
[   ]        2014-04-07_capture-win11.uninetflow        2017-01-16 20:27  4.5M
[   ]        2014-04-07_capture-win11.weblogng          2016-06-15 18:49  325K
[   ]        99513848a981463c0212b3021155c457.exe.zip   2015-12-16 10:26  181K
[TXT]        README.html                                2017-01-16 20:27  797
[TXT]        README.md                                  2015-04-09 15:39  581
[DIR]        bro/                                       2017-08-31 09:45  -
[TXT]        fast-flux-dga-first-analysis.txt           2017-01-16 20:27  17K

Analysis Trojan/Adware/DownWare

VirusTotal Link

Timeline

Sun Feb 23 11:32:56 CET 2014

started win11

Sun Feb 23 11:35:22 CET 2014

infected with 99513848a981463c0212b3021155c457.exe: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Tries to install PlusHD browser addon. Click on next. Click on next. It is downloading stuff.

Mon Apr 7 10:17:23 CEST 2014

Huge powerdown on Sun 06, at 10am... powering up now.