Report - download.sysinternals.com/files/PSTools.zip

Report Overview

Submitted URL
download.sysinternals.com/files/PSTools.zip
IP
152.199.19.160
ASN
#15133 EDGECAST
Submitted
2024-04-16 12:43:05
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.sysinternals.com	317209	1998-04-12	2012-05-21	2024-04-16	497 B	5.3 MB	152.199.19.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.sysinternals.com/files/PSTools.zip
IP
152.199.19.160
ASN
#15133 EDGECAST

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.3 MB (5282424 bytes)
Hash
41ebdadc06b18164dc571f9db251c01b
ddfb009f8b92226aa45c467f8d0eebb29a8e2ff5
a9ca77dfe03ce15004157727bb43ba66f00ceb215362c9b3d199f000edaa8d61

Archive (29)

Filename

Md5

File type

PsLoggedon.exe

e3ea271e748ccdad6a6d3e692d6f337e

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

PsLoggedon64.exe

07ed30d2343bf8914daaed872b681118

PE32+ executable (console) x86-64, for MS Windows, 5 sections

psping.exe

93f162d9e1ae290f47695e71589fd4d4

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

psping64.exe

ad7e3ddf557e1de0170e384031d3a221

PE32+ executable (console) x86-64, for MS Windows, 7 sections

psshutdown.exe

31e8e12d02a6cac9088d89215cf4552c

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

psshutdown64.exe

b5b4abc85d5d8c817ce552c3c6a0aba5

PE32+ executable (console) x86-64, for MS Windows, 7 sections

psfile.exe

a0c7585c86ab8bfe6d55a2547e7c9382

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

psfile64.exe

880ed8c97e6bdb64a342fad25094049b

PE32+ executable (console) x86-64, for MS Windows, 7 sections

PsGetsid.exe

3d4112b92a8285d8661bbc29125bdbf5

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

PsGetsid64.exe

c2b0f2de5955aaa313999ff20b675be4

PE32+ executable (console) x86-64, for MS Windows, 7 sections

PsInfo.exe

2691d7f266050e6849793d4b6661dddf

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

PsInfo64.exe

86a65cfa9f258b0a46ed54e1ad235078

PE32+ executable (console) x86-64, for MS Windows, 7 sections

pskill.exe

5801303c49e5bb612aa55fb8b909a9c9

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pskill64.exe

ba9345119c1175c96d27370b0d203e70

PE32+ executable (console) x86-64, for MS Windows, 7 sections

pslist.exe

6c08bae0981841e0cd22ff0f0e8f7510

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pslist64.exe

77bf50713a9eb7b270a73a9797f8ddfe

PE32+ executable (console) x86-64, for MS Windows, 7 sections

psloglist.exe

4f7f8d6c8b22eb5c0c35b29210e2127c

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

psloglist64.exe

14b2f5291036be454ae2fc762ff6eaaa

PE32+ executable (console) x86-64, for MS Windows, 7 sections

pspasswd.exe

427214d675b6bce9f273eb2dde0aeefc

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pspasswd64.exe

2a23848ac28d73352ba80584327ff713

PE32+ executable (console) x86-64, for MS Windows, 7 sections

PsService.exe

136f9205a5945681ec470b8461dfee5f

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

PsService64.exe

657c2da84107644a1397d49e0b526f24

PE32+ executable (console) x86-64, for MS Windows, 7 sections

pssuspend.exe

1b9f1a75593dfc670fa7c54659ab5796

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pssuspend64.exe

6eeeeb93f86c729faa2280525c699caf

PE32+ executable (console) x86-64, for MS Windows, 7 sections

PsExec.exe

24a648a48741b1ac809e47b9543c6f12

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

PsExec64.exe

db89ec570e6281934a5c5fcf7f4c8967

PE32+ executable (console) x86-64, for MS Windows, 7 sections

psversion.txt

86a1461b30bb482652d8e2223d03c2a4

ASCII text, with CRLF line terminators

Pstools.chm

009ac2be60f92dc2c41b094ce2d3857c

MS Windows HtmlHelp Data

Eula.txt

8c24c4084cdc3b7e7f7a88444a012bfc

Unicode text, UTF-8 (with BOM) text, with very long lines (518), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 4/60

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

download.sysinternals.com/files/PSTools.zip

152.199.19.160

200 OK

5.3 MB

URL User Request GET HTTP/2
download.sysinternals.com/files/PSTools.zip
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint86:E0:37:E4:B1:31:51:81:DD:54:33:82:FF:4D:EB:D1:15:5F:65:C4
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.3 MB (5282424 bytes)
Hash
41ebdadc06b18164dc571f9db251c01b
ddfb009f8b92226aa45c467f8d0eebb29a8e2ff5
a9ca77dfe03ce15004157727bb43ba66f00ceb215362c9b3d199f000edaa8d61

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/60

HTTP Headers

GET /files/PSTools.zip HTTP/1.1
Host: download.sysinternals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 114419
content-md5: Qeva3AaxgWTcVx+dslHAGw==
content-type: application/x-zip-compressed
date: Tue, 16 Apr 2024 12:42:37 GMT
etag: 0x8DB3ABA98E3E0D1
last-modified: Tue, 11 Apr 2023 18:28:50 GMT
server: ECAcc (ska/F769)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a98a35ff-701e-0022-3df1-8e70b8000000
x-ms-version: 2009-09-19
content-length: 5282424
X-Firefox-Spdy: h2