SHA256: 23d89befb363b4966b05ed69f08c582a555de22e7352a0a9273039ff11789fbf
File name: doublepulsar-backdoor-connect-win7.pcap
Detection ratio: 0 / 59
Analysis date: 2017-11-29 14:51:09 UTC ( 7 months, 3 weeks ago )
Intrusion Detection System Result
Snort 3 alerts
Suricata 7 alerts
Antivirus Result Update
Ad-Aware 20171129
AegisLab 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast 20171129
Avast-Mobile 20171129
AVG 20171129
Avira (no cloud) 20171129
AVware 20171129
Baidu 20171129
BitDefender 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171129
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
Endgame 20171024
ESET-NOD32 20171129
F-Prot 20171129
F-Secure 20171129
Fortinet 20171129
GData 20171129
Ikarus 20171129
Sophos ML 20170914
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kaspersky 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
McAfee-GW-Edition 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Panda 20171129
Qihoo-360 20171129
Rising 20171129
SentinelOne (Static ML) 20171113
Sophos AV 20171129
SUPERAntiSpyware 20171129
Symantec 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TrendMicro 20171129
TrendMicro-HouseCall 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
Webroot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
ZoneAlarm by Check Point 20171129
Zoner 20171129
PCAP file! The file being studied is a network traffic capture. When it was analyzed with intrusion detection systems, Snort triggered 3 alerts and Suricata triggered 7 alerts.
Wireshark file metadata
File encapsulation Ethernet
Number of packets 94
Data size 13 kB
Start time 2017-04-16 18:09:32
File type pcap
End time 2017-04-16 18:09:52
Capture duration 20.247860 seconds
DNS requests
Snort alerts Sourcefire VRT ruleset
Suricata alerts Emerging Threats ETPro ruleset
File identification
MD5 748156d8323c263720c7f6854dafdf45
SHA1 7d279fbc47e463577c3d7017c6ecafec42f8ff44
SHA256 23d89befb363b4966b05ed69f08c582a555de22e7352a0a9273039ff11789fbf
ssdeep 192:iAgsbt442ZfTMTCi37zzM/RTuO/M536vOvbrTtQ6YORg6eeJ5xONsPg:JbKIIk33Nb9/ge5x4s4

File size 14.4 KB ( 14724 bytes )
File type Network capture
Magic literal tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)

TrID TCPDUMP's style capture (little-endian) (100.0%)
Tags cap shellcode

VirusTotal metadata
First submission 2017-04-16 20:30:57 UTC ( 1 year, 3 months ago )
Last submission 2017-09-19 18:33:45 UTC ( 10 months ago )
File names doublepulsar-backdoor-connect-win7.pcap, eternalblue-backdoor-connect-win7.pcap