HTTP malware

DNS QueriesDNS Query Text
www.agriturismoraggiodisole.com IN A +
www.agit.com.br IN A +
www.ameagaru.fr IN A +

HTTP QueriesHTTP Query Text
www.agriturismoraggiodisole.com POST /files/filtect.php HTTP/1.0
www.agit.com.br POST /apuracao/filtect.php HTTP/1.0
www.ameagaru.fr POST /memo/filtect.php HTTP/1.0

DNS QueriesDNS Query Text
www.allahskanan.net IN A +
www.groupe-cogit.com IN A +
fercon.ro IN A +
demo.ckentgroup.com IN A +

HTTP QueriesHTTP Query Text
www.allahskanan.net GET /komzou/pladenn2/filesaved.exe HTTP/1.1
www.groupe-cogit.com GET /gosier/images/fr/filesaved.exe HTTP/1.1
fercon.ro GET /en/filesaved.exe HTTP/1.1
www.groupe-cogit.com GET /gosier/images/fr/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
fercon.ro GET /en/filesaved.exe HTTP/1.1
www.groupe-cogit.com GET /gosier/images/fr/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
fercon.ro GET /en/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
demo.ckentgroup.com GET /kenchan//international/rm/filesaved.exe HTTP/1.1
www.groupe-cogit.com GET /gosier/images/fr/filesaved.exe HTTP/1.1
fercon.ro GET /en/filesaved.exe HTTP/1.1

Sample:
http://www.multiupload.com/R12DMELVM7