cojun15cart.com 23.22.255.164
Description :
Contains anti-debugging code
It makes use of some deprecated flags in the Characteristics field of FileHeader
PE section has SizeOfRawData set to zero
Behaviours :
Automatically unpacks its own code
Deletes itself
Deletes itself after reboot
Drops .EXE file
Manipulates Internet Explorer settings
Runs existing executable
Suspicious delay
TCP Connections
Type Send :
C:cicaafbwww.exe (v. 1.0.0.0) 50.97.234.3:80 hxxp://cojun15cart.com/download.php?kHmEcWk=
Hosting Infos :
http://whois.domaintools.com/23.22.255.164