Trojan.DownLoader37.28038

Technical Information

Network activity

Connects to

'ma##ham.ir':80
'microsoft.com':80
'bs#.ir':443
'cd#.#sriran.com':443
'es###hdami.org':80
'bm#.ir':443
's8.##cofile.com':443
'vi##a.ir':443
'bs#.ir':80
'go#####agmanager.com':443
'cd#.#sriran.com':80
'vi##a.ir':80
'bm#.ir':80
'ka####-behzisti.ir':80
's8.##cofile.com':80
'cd#.##ktanet.com':443
'cd#.###ine.4dsply.com':443
'we##ozar.ir':80
'r3.#.lencr.org':80
'oc##.#ectigo.com':80

TCP

HTTP GET requests

http://ro##log.com/include/rozblog_ads_js.php
http://ro##p.ir/view/2149657/fish-hoghoogh_363421.jpg
http://ro##p.ir/view/2149616/ncr-ir.jpg
http://ro##p.ir/view/2149656/fish-hoghoogh_663219.jpg
http://ro##p.ir/view/2144727/246715.jpg
http://ro##p.ir/view/2149653/fish-hoghoogh.jpg
http://ro##p.ir/view/2149621/yaraneh-naghdi.jpg
http://ro##p.ir/view/2284587/bsi.jpg
http://ro##p.ir/view/2191491/sheikhol%20raees.png
http://ro##p.ir/view/151413/itemtracking.post.ir.GIF.gif
http://ro##p.ir/view/2270511/emamreza.JPG.jpg
http://ro##p.ir/view/2132467/Pic[1]_68407_790016.jpg
http://ro##p.ir/view/2283108/biglogo.gif
http://ro##p.ir/view/2270699/banksepah.jpg
http://ro##p.ir/view/2298026/BMILogo.png
http://ro##p.ir/view/2716325/97-09-c23-914.jpg
http://ro##p.ir/view/2697577/amriye-sarbazi.jpeg
http://ro##p.ir/view/2744331/samet.JPG.jpg
http://ro##p.ir/view/2667349/bimeiran.JPG.jpg
http://ro##p.ir/view/2156636/hesabe-sheba-sahame-edalat.jpg
http://ro##p.ir/view/2130274/5939669_904_430032.jpg
http://ro##p.ir/view/2635447/marmisho_237247.jpeg
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
http://ro##p.ir/view/2710902/538617_131_51751.jpg
http://ro##p.ir/view/2169583/940601-1.jpg
http://ro##p.ir/view/2551739/864822_504.jpg
http://ro##p.ir/view/2616526/1455972793840_ISNA2217%20copy-th3.jpg
http://ro##p.ir/view/2881641/news_18392_1404275306_799751.jpg
http://ro##p.ir/view/2880064/992304_156_890922.jpg
http://ro##p.ir/view/2880948/990426_490.jpg
http://ro##p.ir/view/2880088/725732_285_573828.jpeg
http://ro##p.ir/view/2890149/998421_968_570682.jpg
http://ma##ham.ir/code/popup
http://ma##ham.ir/user/nationalcode.jpg
http://ro##log.com/temp/rang/like.png
http://ro##p.ir/view/2744534/photo_2019-01-06_18-27-16.jpg
http://s8.##cofile.com/file/8303158618/images.jpg
http://ro##log.com/images/refresh.gif
http://ro##p.ir/view/2320143/cheque.jpg
http://ro##p.ir/view/3200157/stockholdercode021.jpg
http://ro##p.ir/view/3307579/1191969_492.jpg
http://ro##p.ir/view/3307576/1191578_952.jpg
http://ro##p.ir/view/3303503/8772160_734.png
http://ro##p.ir/view/3303391/1189676_933.jpg
http://ro##p.ir/view/3303046/1189200_397_526645.jpg
http://ro##p.ir/view/3303044/1189202_211.jpg
http://ro##p.ir/view/3299585/1186579_505.png
http://ro##p.ir/view/3297188/corona.jpg
http://ro##p.ir/view/3296916/1185410_859.jpg
http://ro##p.ir/view/3296913/1185790_646.jpg
http://ro##p.ir/view/3243517/1158231_347_480978.jpg
http://ro##p.ir/view/3130479/samanese.ir_498523.png
http://ro##p.ir/view/3123469/192013.jpg
http://ro##p.ir/view/3122327/shad.app.jpg
http://ro##p.ir/view/2903436/1004438_599.jpg
http://ro##p.ir/view/2900140/1002699_360.jpg
http://ro##p.ir/view/2900082/1003014_116_410363.jpg
http://ro##p.ir/view/2900043/1003181_592.jpg
http://ro##p.ir/view/2891028/999029_180_207664.jpg
http://ro##p.ir/view/2882365/132950.jpg
http://oc##.#ectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEA4XQ00je0h9hnmjUyA%2F95g%3D