Report - vintage.nektra.com/files/SpyStudio/SpyStudio-v2.zip

Report Overview

Submitted URL
vintage.nektra.com/files/SpyStudio/SpyStudio-v2.zip
IP
54.230.111.73
ASN
#16509 AMAZON-02
Submitted
2024-04-16 11:08:19
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
17

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-16	338 B	863 B	143.204.53.97
vintage.nektra.com	unknown	unknown	No data	No data	505 B	14 MB	54.230.111.122

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
vintage.nektra.com/files/SpyStudio/SpyStudio-v2.zip
IP
54.230.111.122
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (14356795 bytes)
Hash
d4c72a9f83fd7a8dae76fc706c252652
8314992b090bba6cb53e94de8957f98e0e150f3a
e81251ef9f114ec4f4fe9888a12e5776c164ae5e35463237b856aae983ec7361

Archive (20)

Filename

Md5

File type

Aga.Controls.dll

5118056c51ca5ca4c06dc90b77ab3960

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Deviare32.db

0261ac5f4e74e0a24465daab2a41e060

data

DeviareCOM.dll

301647a389af301434507ef92ddf45c9

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

DeviareLiteCOM.dll

666df25243a7fd6b66ddf8a310bb232f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

DeviareLiteInterop.dll

9e2d03061c1032c78328c9fa6dee7160

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

DvAgent.dll

65a9e8cafe30e92eeb23ffe83cd32193

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Interop.IWshRuntimeLibrary.dll

2163472887c8cf253895c60dc32fcee6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Interop.Shell32.dll

a022d6f788e31124dc7864497e03a454

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Ionic.Zip.dll

afa4a8f1e3ca63d973a0ae86cb246547

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Nektra.Deviare2.dll

7eab1c6bd3a4a9123ebeb2c836c41da9

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

offreg.dll

b964a23cb23163ed2dbb9c3d992a6017

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

protobuf-net.dll

ec87aeadda7b617844d01617b7afa197

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SpyStudio.exe

b08ca7bed84b8fab2ee0a02523f1a6be

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SpyStudio.exe.config

7edc22d4119d046e40486c66d144054f

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

SpyStudio.exe.manifest

1c0c621ac8da3eeaeeb9037f04ce957b

XML 1.0 document, ASCII text, with CRLF line terminators

SpyStudioHelperPlugin.dll

6cd3abcb4be0728f47d3e774c652bc6f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SQLite.Interop.dll

4014c306e0fad088e902331d50aa6914

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

System.Data.SQLite.dll

6c6fccb16972bd5f484a153c73dff25b

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

Wizard.Controls.dll

1514de197125e28a0616458438710a5f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Wizard.UI.dll

3ffada2d7a89ef10eb0836b0bc52e32c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	ocsp.r2m03.amazontrust.com/	143.204.53.97		471 B
URL ocsp.r2m03.amazontrust.com/ IP 143.204.53.97:0 ASN #16509 AMAZON-02 File type data Size 471 B (471 bytes) Hash ef6016cbcdcf9226d91802334b2f196c 1f413ab8efd176efff841a4b7a7f566b88bee2eb 67357801cb36c70ecbb8eae7cbd9d278530526bf4790a5e201312b1b204ba6bc HTTP Headers `POST / HTTP/1.1 Host: ocsp.r2m03.amazontrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Cache-Control: max-age=7200 Date: Tue, 16 Apr 2024 11:07:48 GMT Server: ECAcc (amb/6BCA) X-Cache: Miss from cloudfront Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: j8FOlp8-Dt2lfNid-zmEZhQbD9SMp_q5t6nvKxVpc1FEgpHLlyVK8w==`

	vintage.nektra.com/files/SpyStudio/SpyStudio-v2.zip	54.230.111.122	200 OK	14 MB
URL User Request GET HTTP/2 vintage.nektra.com/files/SpyStudio/SpyStudio-v2.zip IP 54.230.111.122:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subject.nektra.com Fingerprint8E:6F:65:CD:9E:2C:09:03:6D:02:E2:11:50:4A:8C:E7:06:61:64:80 ValidityTue, 12 Mar 2024 00:00:00 GMT - Thu, 10 Apr 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 14 MB (14356795 bytes) Hash d4c72a9f83fd7a8dae76fc706c252652 8314992b090bba6cb53e94de8957f98e0e150f3a e81251ef9f114ec4f4fe9888a12e5776c164ae5e35463237b856aae983ec7361 HTTP Headers `GET /files/SpyStudio/SpyStudio-v2.zip HTTP/1.1 Host: vintage.nektra.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/zip content-length: 14356795 date: Mon, 15 Apr 2024 11:48:12 GMT last-modified: Tue, 12 Mar 2024 20:29:55 GMT etag: "d4c72a9f83fd7a8dae76fc706c252652" server: AmazonS3 x-cache: Hit from cloudfront via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: QSUpMOPuAcrEYhadoHfC1Lg6kgXqisA5XFKGDqIAvuZ1SCe-u7079g== age: 83977 X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (20)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers