Report - github.com/elbereth/DragonUnPACKer/releases/download/release-56240-exedrachac/dup562exedrachac.7z

Report Overview

Submitted URL
github.com/elbereth/DragonUnPACKer/releases/download/release-56240-exedrachac/dup562exedrachac.7z
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-16 18:48:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	551 B	3.9 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-16	996 B	2.7 MB	185.199.111.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/49774582/4c56f255-e498-44b3-ad36-76ed80cf44b3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240416%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240416T184807Z&X-Amz-Expires=300&X-Amz-Signature=f3497b210b3a80094221c815c7ecc9fa0f044f63bb00c31f970101dfb59ad60e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=49774582&response-content-disposition=attachment%3B%20filename%3Ddup562exedrachac.7z&response-content-type=application%2Foctet-stream
IP
185.199.111.133
ASN
#54113 FASTLY

File type
7-zip archive data, version 0.3
Size
2.7 MB (2672206 bytes)
Hash
6d86f3698b97c43e77e032930a8852ab
ca3e7951c5b1c5226c7f9a6c596faca7d18dc38d
e651a072953cf6d439ee88bbc7cff74555adc6d1bed4c24bebb8f13b079e3be5

Archive (67)

Filename

Md5

File type

ex-homepage.zip

684941ac64f0645e9864ab4a3050674d

Zip archive data, at least v2.0 to extract, compression method=deflate

ex-text-list.zip

bb292bf11542b4817e5d1d9bae89aaf3

Zip archive data, at least v2.0 to extract, compression method=deflate

ex-text.zip

347155000854a8461636fb9d8d79a056

Zip archive data, at least v2.0 to extract, compression method=deflate

ex-xml.zip

22f4581d9e816d6df259ccfb8aead3c3

Zip archive data, at least v2.0 to extract, compression method=deflate

flag_fr.bmp

035aba0676b764f134d3c05725c0e4cd

PC bitmap, Windows 3.x format, 16 x 16 x 32, image size 1024, cbSize 1078, bits offset 54

flag_sp.bmp

8eb48a4e555672beada61c691920f066

PC bitmap, Windows 3.x format, 16 x 16 x 4, image size 128, resolution 2835 x 2835 px/m, 16 important colors, cbSize 246, bits offset 118

flag_us.bmp

2abf69bc742af8078a953b0caf91b540

PC bitmap, Windows 3.x format, 16 x 16 x 4, 2 compression, image size 100, resolution 2835 x 2835 px/m, 16 important colors, cbSize 218, bits offset 118

dlngc.txt

88f4388933578f4a64a330049a239afa

ASCII text, with CRLF line terminators

duhtcomp.txt

185ec59fbe4a83a3c04ecd26dbb0954f

ASCII text

english-500beta2-changes.txt

c779916ce374268521a2aeb9a18e5575

ASCII text, with CRLF line terminators

english-500beta3-changes.txt

f29ce533185445acc00bb5fcf508aa98

ASCII text, with CRLF line terminators

english-500rc1-changes.txt

b40828307231211744ce854d31382ef3

ASCII text, with CRLF line terminators

english-500rc2-changes.txt

d5e9303e4f58f2832738c59cbb0e37af

ASCII text, with CRLF line terminators

english-500rc3-changes.txt

6e4b93949741eea9b3097c48f7359d81

ASCII text, with CRLF line terminators

english-520-changes.txt

e8d2776c3173af23f46a1457bdf4c67e

ASCII text, with CRLF line terminators

english-532-changes.txt

be6e7a983ca08d7377f743204637c3cb

ASCII text, with CRLF line terminators

english-533-changes.txt

36394de56ef74f79527ce10a4270f57f

ASCII text, with CRLF line terminators

english-540-changes.txt

1d2896c077ceb423d30fa8786b7de6fc

ASCII text, with CRLF line terminators

english-551-changes.txt

847fb96b70fab4b627d5f60f79396e18

ASCII text, with CRLF line terminators

english-561-changes.txt

a1aa2d3046742340cd2f50e16f3bf2b5

ASCII text, with CRLF line terminators

english-562-changes.txt

3c012c56beed200e98908481e8a11247

ASCII text, with CRLF line terminators

english-duppi-320-changes.txt

cb699889468b1d40d24d4b923fa5d240

ASCII text, with CRLF line terminators

english-duppi-330-changes.txt

35c48de4843d3616ee9616805602cf6e

ASCII text, with CRLF line terminators

english-duppi-334-changes.txt

9ff130c707d3583543138ba91029505e

ASCII text, with CRLF line terminators

historique.txt

8d76a8fc0bb5bccde45eed28612d3b88

Unicode text, UTF-8 text, with CRLF line terminators

hrf_30_spec.txt

71f0fad0fcdbe22b63d6e2519896f747

ASCII text, with CRLF line terminators

lisezmoi.txt

915dd3f75fda676f82f2b2a4e72551de

Unicode text, UTF-8 text, with CRLF line terminators

readme.txt

fc9f14318643b9f20688dfc320800c28

ISO-8859 text, with CRLF line terminators

translation.txt

2159422517aa21edf5262691ad1111dc

ASCII text, with CRLF line terminators

whatsnew.txt

c2b762ba3617377039fef2c80f39005d

Unicode text, UTF-8 text, with CRLF line terminators

cnv_pictex.d5c

bbd76823e5258cd99bafa584c6a4edfe

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

drv_11th.d5d

3a58f6707bd6649e4eb40274bbd9893a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

drv_default.d5d

852dbfc8461c830725081f2aebc5c515

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

drv_ut.d5d

9492d666bcf1cd4d5a8f58473ee8ec21

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

drv_zip.d5d

e79c2d844065a87e063760514ece9861

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

file_id.diz

1bb438cc02dc7d68d756b78437787086

ASCII text, with CRLF line terminators

Blood.dpal

adc65f4ac5e6961f736f003243f3e35b

data

Doom.dpal

00d8f1f2976c5f7cb67be1713fea93d0

data

Duke3D.dpal

40231fb2206f7ff629285fa414e7fb84

data

Quake 1.dpal

73a533a9ef3c346b210cb6fd4a665bc1

data

Quake 2.dpal

5cfbf389914759bfc7b0c8bbbf945583

data

Shadow Warrior.dpal

da0a9adb814c46a289fdf69ccd05e402

data

default.dulk

13da7a2432e81d880b7d66daf3855442

data

english.lng

3d1e0c214a55aff11a907d413b34a741

data

english.lng

3a6dd3895aef0e6b1d329b4c1e20b82a

data

spanish.lng

a0a486bc311b22068cfad8091d6bbeb1

data

spanish.lng

68d72d2576718f1420b0d40fa37e6cd6

data

english.ls

bf100b41ef8f7b845773fdcccc49f16a

ASCII text

english_duppi.ls

1c506ce73635916cd6a7e9b7da803c66

ASCII text

french.ls

0af84640ab45ea106f7bbf73a3c0654e

ISO-8859 text

french_duppi.ls

cd5bf9b980aca51460663908d9e80fe8

ISO-8859 text

spanish.ls

e444e3eda11ef59f57117109f44cbb27

ISO-8859 text

spanish_duppi.ls

b83089ae12ad1ac3df921c4b773ef6ad

ISO-8859 text

drv_default_mix.lst

57bfb3633a26d2cd41f56894b25ba44d

ASCII text, with CRLF, LF line terminators

drgunpack5.exe.sig

7dde37d6c0b95ee2f531344646e9430c

data

homepage.uht

07105dd16eba58d7898851cc4e1c3770

unicos (cray) executable

text-db.uht

c01313dec8e962914c9873800cf93f5b

data

text-list.uht

2912d36805ccc5ce603bd6a33f0cb327

data

xml-db.uht

79e4d3d276c0345fd439640cd7406090

data

dlngc.exe

60f89037c23cb9f6eb2488f6dc9d5880

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

drgunpack5.exe

d208d16eb1d461742d49d28bf6483bb0

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

duhtcomp.exe

847e073b741aeab6dc8f287f77826e48

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

duppi.exe

920c2ff0f6b28be2b8f90e8280a46514

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

duppiinstall.exe

95e4c7973f6cf3fd2eeef0b7489b560f

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

libcurl-3.dll

1b5189cea193b4e059971dc9f9163487

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 10 sections

unzip32.dll

da235a5119731706f2a72d1951b35169

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

zlib1.dll

a2b3069a61e8cadf87b1811c4dfb8ec1

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/61

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/elbereth/DragonUnPACKer/releases/download/release-56240-exedrachac/dup562exedrachac.7z

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/elbereth/DragonUnPACKer/releases/download/release-56240-exedrachac/dup562exedrachac.7z
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /elbereth/DragonUnPACKer/releases/download/release-56240-exedrachac/dup562exedrachac.7z HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Tue, 16 Apr 2024 18:48:07 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/49774582/4c56f255-e498-44b3-ad36-76ed80cf44b3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240416%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240416T184807Z&X-Amz-Expires=300&X-Amz-Signature=f3497b210b3a80094221c815c7ecc9fa0f044f63bb00c31f970101dfb59ad60e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=49774582&response-content-disposition=attachment%3B%20filename%3Ddup562exedrachac.7z&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D922:337554:B2951F2:B404BB6:661EC7E7
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/49774582/4c56f255-e498-44b3-ad36-76ed80cf44b3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240416%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240416T184807Z&X-Amz-Expires=300&X-Amz-Signature=f3497b210b3a80094221c815c7ecc9fa0f044f63bb00c31f970101dfb59ad60e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=49774582&response-content-disposition=attachment%3B%20filename%3Ddup562exedrachac.7z&response-content-type=application%2Foctet-stream

185.199.111.133

200 OK

2.7 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/49774582/4c56f255-e498-44b3-ad36-76ed80cf44b3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240416%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240416T184807Z&X-Amz-Expires=300&X-Amz-Signature=f3497b210b3a80094221c815c7ecc9fa0f044f63bb00c31f970101dfb59ad60e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=49774582&response-content-disposition=attachment%3B%20filename%3Ddup562exedrachac.7z&response-content-type=application%2Foctet-stream
IP
185.199.111.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
7-zip archive data, version 0.3
Size
2.7 MB (2672206 bytes)
Hash
6d86f3698b97c43e77e032930a8852ab
ca3e7951c5b1c5226c7f9a6c596faca7d18dc38d
e651a072953cf6d439ee88bbc7cff74555adc6d1bed4c24bebb8f13b079e3be5

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/61

HTTP Headers

GET /github-production-release-asset-2e65be/49774582/4c56f255-e498-44b3-ad36-76ed80cf44b3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240416%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240416T184807Z&X-Amz-Expires=300&X-Amz-Signature=f3497b210b3a80094221c815c7ecc9fa0f044f63bb00c31f970101dfb59ad60e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=49774582&response-content-disposition=attachment%3B%20filename%3Ddup562exedrachac.7z&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-md5: bYbzaYuXxD534DKTCohSqw==
last-modified: Tue, 03 May 2022 15:05:18 GMT
etag: "0x8DA2D165665F414"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 095be58e-601e-0071-4a2e-90077e000000
x-ms-version: 2020-10-02
x-ms-creation-time: Tue, 03 May 2022 15:05:18 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=dup562exedrachac.7z
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Tue, 16 Apr 2024 18:48:07 GMT
x-served-by: cache-iad-kcgs7200159-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 5, 0
x-timer: S1713293287.421538,VS0,VE491
content-length: 2672206
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (67)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers