Report - www.sidiary.org/download/driver/GlucoTalk-USB-Driver.zip

Report Overview

Submitted URL
www.sidiary.org/download/driver/GlucoTalk-USB-Driver.zip
IP
52.169.206.2
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-16 16:39:22
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
status.geotrust.com	3662	1999-04-04	2017-12-01	2024-04-16	662 B	1.5 kB	192.229.221.95
www.sidiary.org	unknown	2004-01-05	2012-07-22	2024-04-16	1.1 kB	794 kB	52.169.206.2
diabetes.sinovo.net	unknown	2002-06-06	2012-12-19	2024-04-15	588 B	608 B	52.169.206.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip
IP
52.169.206.2
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
792 kB (792469 bytes)
Hash
0240f02d993e6256ef70e5900f5e498c
a103a7006d8483800b8c16374808ba8a066f26fe
f67888a0fa796929194f460b448ac7fe1bd6e7439230975d68fe3cd11103c6dc

Archive (37)

Filename

Md5

File type

Ftccomms.vxd

319834c9a5d0a8f636de8944cb4d5c15

MS-DOS executable, LE executable for MS Windows (VxD)

FTCOMMS.VXD

b33b59eb0f6485a71fefa2c6aead3197

MS-DOS executable, LE executable for MS Windows (VxD)

FTCSENUM.SYS

212da82d724467cbca060e4316f5f2ea

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

FTCSENUM.VXD

c7085059951f5881124df7e265b5749e

MS-DOS executable, LE executable for MS Windows (VxD)

FTCSER.INF

86de50c08395aac5e4cf5fe47d5efbe8

Windows setup INFormation

FTCSER2K.SYS

0a1feb66d4e7d70bd8a62629c15ad86c

PE32 executable (native) Intel 80386, for MS Windows, 9 sections

FTCSER98.SYS

f200bb0913d4dfab9f80e34b485218a1

PE32 executable (DLL) (native) Intel 80386, for MS Windows, 10 sections

FTCSERCO.DLL

b0aadd20a023e6339e01f11018d46667

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

FTCSMOU.INF

9951d6f3250592981650f899fa438ba8

Windows setup INFormation

FTCSMOU.VXD

78a51ffaba56aa03d54d8e24f5843be0

MS-DOS executable, LE executable for MS Windows (VxD)

FTCSUI.DLL

884ce0aa62ceab1bdcddce5f62249f2e

MS-DOS executable, NE for MS Windows 3.x (4.0) (DLL or font)

FTCSUI2.DLL

0cae241457ac6300355980bcb7edfa6c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

FTCUN2K.INI

b457812f759cf100baf708ae91ac72e8

ASCII text, with CRLF line terminators

FTCUN98.INI

70115f95562d19ce9dd3354f18844d76

ASCII text, with CRLF line terminators

FTCUNIN.EXE

ed30d604db2a6bdccd691e98ba87402b

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

FTCUSB.INF

af93a9507e51f5066e0d4b51aae06237

Windows setup INFormation

FTCUSB.SYS

857673d06440ddb52f5fe9f5ac18a6cc

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

FTD2XX.DLL

84656a7aaf165462a52d3af1c058ac55

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftdibus.cat

490b7c69b9812222ceda342ceb50e40a

DER Encoded PKCS#7 Signed Data

ftdibus.inf

a55fa99a9ab3a90ccb6240aaee5f573f

Windows setup INFormation

FTDIBUS.SYS

bb5107ca0569c95f2a850722c34d20c9

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftdiport.cat

d958ef12c71c453de57156d6322a14a7

DER Encoded PKCS#7 Signed Data

FTDIPORT.INF

25e36019beaa70fe7c06633dc20c2afe

Windows setup INFormation

ftdiun2k.ini

87d7eef88da1a0fb7e9e5657f6382b59

ASCII text, with CRLF line terminators

Ftdiunin.exe

5bb5eece611cf5877dad35b6251feea8

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

FTDIUNIN.INI

5cbe3f45234ec34b917a6c5a5bfedae7

ASCII text, with CRLF line terminators

FTLang.dll

99ea7ec13e39e15a4333f16d06d3ae3f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

FTSENUM.SYS

01857b48eaac8bfb5f38cca1bde6c968

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

FTSENUM.VXD

acd51a7e80fcb2597da610aaef00e547

MS-DOS executable, LE executable for MS Windows (VxD)

FTSER2K.SYS

296be0a1d7c96a7abbede6b97baf96b3

PE32 executable (native) Intel 80386, for MS Windows, 9 sections

FTSERIAL.SYS

ca18439f3264c3b1c7b5b63282ed2b40

PE32 executable (DLL) (native) Intel 80386, for MS Windows, 10 sections

ftsermou.cat

38787bdae50c71c252bb0dbebf172845

DER Encoded PKCS#7 Signed Data

FTSERMOU.INF

a2db9d30a03944897bd214bcf13fecc7

Windows setup INFormation

FTSERMOU.VXD

b750ca5db6bc08bfc01059725578b137

MS-DOS executable, LE executable for MS Windows (VxD)

FTSERUI.DLL

3a171daad501009f2de4dbbc681ce570

MS-DOS executable, NE for MS Windows 3.x (4.0) (DLL or font)

ftserui2.dll

e44c15e1ed550a55cd7853a4897094bb

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

Setup.EXE

de4c2859e3d4e3d6bc975a078a968bfa

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/65

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

status.geotrust.com/

192.229.221.95

471 B

URL
status.geotrust.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2465654677465fd0c603951675b04d5b
cd53cd533e2c8346632e56c880f69daf84f48d16
95e2d146d654cfb9ad902067ee4e55883b640004c83c231e6e33b432322b7095

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 20
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 16 Apr 2024 16:38:55 GMT
Last-Modified: Tue, 16 Apr 2024 16:38:35 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

www.sidiary.org/download/driver/GlucoTalk-USB-Driver.zip

52.169.206.2

302 Object moved

271 B

URL User Request GET HTTP/1.1
www.sidiary.org/download/driver/GlucoTalk-USB-Driver.zip
IP
52.169.206.2:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectsidiary.org
Fingerprint44:98:77:34:FE:AD:BA:26:A4:90:FF:44:97:CE:2F:E5:D9:21:D8:A8
ValidityMon, 06 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
271 B (271 bytes)
Hash
d472fbdb062f420aafc6e1d5bf4fbeda
0a997a5f7ccc33f16747f64631ef858b7d4f8a83
4dae64308a99d35f65830878bec994b2c72e1b2dd166eac4c9fec1520dff7515

HTTP Headers

GET /download/driver/GlucoTalk-USB-Driver.zip HTTP/1.1
Host: www.sidiary.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Type: text/html
Location: https://diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip&dk=driver/GlucoTalk-USB-Driver.zip&r=
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDSCUCRCTD=GPFBHGADCJEEMEFGFAKJAKOH; secure; path=/
X-Powered-By: Hello World
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 16 Apr 2024 16:38:55 GMT
Content-Length: 271

status.geotrust.com/

192.229.221.95

471 B

URL
status.geotrust.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4905fc61fd9c17e4630b12158736bdf6
dd4b6c835c400c0c42f90bdd0a69533144e03510
9b6c14ec7cfbeffe006f67a200f6fd6dcf946592de157aec00a1931fa27764c8

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 20
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 16 Apr 2024 16:38:55 GMT
Last-Modified: Tue, 16 Apr 2024 16:38:36 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip&dk=driver/GlucoTalk-USB-Driver.zip&r=

52.169.206.2

302 Found

182 B

URL User Request GET HTTP/1.1
diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip&dk=driver/GlucoTalk-USB-Driver.zip&r=
IP
52.169.206.2:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectsinovo.net
FingerprintE1:C2:BB:68:0C:00:13:C4:10:52:BA:74:50:80:49:63:1B:06:C4:DE
ValidityMon, 13 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
182 B (182 bytes)
Hash
fd8ed0d550b076da1c6f1d6ccdfa5625
ead929a40adcc8d73a909334fdf93e579bba9d4c
e606543b4d5716e34a12d8520ad10d4ff458a3c337ff5f6b540928bcd1afb22d

HTTP Headers

GET /dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip&dk=driver/GlucoTalk-USB-Driver.zip&r= HTTP/1.1
Host: diabetes.sinovo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip
Server: Microsoft-IIS/8.5
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 16 Apr 2024 16:38:55 GMT
Content-Length: 182

www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip

52.169.206.2

200 OK

792 kB

URL User Request GET HTTP/1.1
www.sidiary.org/DownloadM/driver/GlucoTalk-USB-Driver.zip
IP
52.169.206.2:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectsidiary.org
Fingerprint44:98:77:34:FE:AD:BA:26:A4:90:FF:44:97:CE:2F:E5:D9:21:D8:A8
ValidityMon, 06 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
792 kB (792469 bytes)
Hash
0240f02d993e6256ef70e5900f5e498c
a103a7006d8483800b8c16374808ba8a066f26fe
f67888a0fa796929194f460b448ac7fe1bd6e7439230975d68fe3cd11103c6dc

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/65

HTTP Headers

GET /DownloadM/driver/GlucoTalk-USB-Driver.zip HTTP/1.1
Host: www.sidiary.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDSCUCRCTD=GPFBHGADCJEEMEFGFAKJAKOH
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Last-Modified: Mon, 28 Jan 2013 14:14:48 GMT
Accept-Ranges: bytes
ETag: "99238ad461fdcd1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: Hello World
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 16 Apr 2024 16:38:55 GMT
Content-Length: 792469

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (37)

Detections

JavaScript (0)

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers