Report - fs.duifene.com/res/r2/u5926683/windows_x64

Report Overview

Submitted URL
fs.duifene.com/res/r2/u5926683/windows_x64_40438856f14841f81dfa.zip
IP
23.248.177.66
ASN
#21859 ZEN-ECN
Submitted
2024-04-16 15:38:49
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xinchacha2dv.ocsp-certum.com	unknown	2013-12-19	2022-07-28	2024-04-15	340 B	1.8 kB	95.101.10.107
fs.duifene.com	unknown	2016-01-12	2021-10-03	2024-03-26	521 B	15 MB	23.248.177.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
fs.duifene.com/res/r2/u5926683/windows_x64_40438856f14841f81dfa.zip
IP
23.248.177.66
ASN
#21859 ZEN-ECN

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (14786837 bytes)
Hash
2ec0e0e7d055702dcea2a4ce07f32402
e086173ce06ce49f7afb3509c893e1d4be73dd2a
860ecc15bc77ef592d85e151fab4afc5aac47bd1ef3c6a910a20c29b227dce31

Archive (39)

Filename

Md5

File type

74552956.png

53df7d59b42382fe946d6e1360a00df6

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

abc_123.png

1595e5eec52773980cb88e11a34c2aca

PNG image data, 639 x 632, 8-bit/color RGB, non-interlaced

afrog.png

ac60cd3ca8b942b9923ad543784a0684

PNG image data, 460 x 460, 8-bit/color RGBA, non-interlaced

AntSword-Loader.png

3e758a1fbd08c87e5713af69ccacbd62

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

avws.png

0cee8cc3ddd0e28b23ec9a8ddc426c0e

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

burp.png

d8c17801f07064959db870dd1fd362c2

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

burp.svg

bb6ca3a473590876de49fd75f28aa750

SVG Scalable Vector Graphics image

CMSeeK.png

cff9d464c914f3261e7393b559186512

PNG image data, 702 x 492, 8-bit/color RGBA, non-interlaced

CobaltStrike.ico

740db662e32aed9da8699be16f04089a

MS Windows icon resource - 1 icon, 256x256, 32 bits/pixel

dnsx.png

e93c2642559fd046f64b23b18cbdcb63

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

FofaViewer.png

1ebb55433ef40388ce5da86d009ae4cc

PNG image data, 174 x 158, 8-bit/color RGB, non-interlaced

fscan.png

ace0b787525406ce62d08b70d111efe0

PNG image data, 460 x 460, 8-bit/color RGB, non-interlaced

goby.png

3f32673bee9be64397cd75c896ba6b79

PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

hashcat.png

5f2cb70cf946f28df65c525953b53185

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

hydra.png

043b7392bbbe490c693d77a9c0c1aa3b

PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced

img.png

e5321a1758928519eb2e56f8180af050

PNG image data, 234 x 232, 8-bit/color RGB, non-interlaced

java.png

ffecc03ecb449aca0872543ba5c594e6

PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced

kali-burpsuite.png

abff83eeea80d476a04779ffcb5af0c7

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

Layer.png

76705b41a642e9a5be7c7df9c3e57ba7

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

LiqunKit.png

5a574e25501a63fa34bde2267959ed46

PNG image data, 260 x 261, 8-bit/color RGB, non-interlaced

Mitsurugi.png

a11c36b825b1ced2fa61540ee6fea106

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

naabu.png

38ec3a3dc0338895fdc97582a8a4c484

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

Navicat.png

7fde24707d7614fd05c887bc77fe811e

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

phpstorm.png

6d7a3f2df7756955264defc743b93617

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

python.png

b5c8e6cc3ecc9aefce920a839e408d0b

PNG image data, 720 x 720, 8-bit/color RGB, non-interlaced

RouterScan.png

4591c44931b55f670539782722acc9e5

PNG image data, 76 x 76, 8-bit/color RGBA, non-interlaced

SNETCracker.png

d5475dd3d9330605c0dc8f21d14a2e99

PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced

sqlmap.png

a4dd57b4230669f25d1474e4c8b6da0f

PNG image data, 768 x 397, 8-bit/color RGB, non-interlaced

subfinder.png

5b7eca3b67322877cf348d28ae2a2483

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

SuperSoft.ico

88c808989c269839d64017acaac2b333

MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

Wafw00f.png

a0c597d9f219288e802885741983811a

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

wxzf.jpg

4e16fb7b3aa80ff5ba2cea4ad7cf4905

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1118x1524, components 3

xray.png

c0e316918f8d136f449742306969ae80

PNG image data, 548 x 548, 8-bit/color RGBA, interlaced

XSStrike.png

41a2340fae49db41d6cf7cfc8e384023

PNG image data, 139 x 150, 8-bit/color RGBA, non-interlaced

zss.ico

482972e3abd7fce27fbc155ec3997f8c

MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel

zss.jpg

da1a57e2fcf212d5139e38912d9bab78

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3

explanation.txt

2dbafd49ad39462a715aaf6c7a3f2e27

Unicode text, UTF-8 text, with CRLF line terminators

Updatecheck.json

797314745c284ad2fa8409e2e04042c4

JSON text data

zss.exe

0220808383618afd173ad429c9047391

PE32+ executable (console) x86-64, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
VirusTotal	suspicious	VirusTotal - Scan result 1/65

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

xinchacha2dv.ocsp-certum.com/

95.101.10.107

1.5 kB

URL
xinchacha2dv.ocsp-certum.com/
IP
95.101.10.107:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.5 kB (1538 bytes)
Hash
b261c57072f30b40ad697404f6790cbc
fd040e02b926dad76b9d3e3e1a539f2e2e2da070
3747e5aa913766e2f23e8bd4ca7a5c4a01e7821d6c0799bad91f79c2c3a85a9a

HTTP Headers

POST / HTTP/1.1
Host: xinchacha2dv.ocsp-certum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1538
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Tue, 16 Apr 2024 15:38:21 GMT
Connection: keep-alive
X-N: S

fs.duifene.com/res/r2/u5926683/windows_x64_40438856f14841f81dfa.zip

23.248.177.66

200 OK

15 MB

URL User Request GET HTTP/2
fs.duifene.com/res/r2/u5926683/windows_x64_40438856f14841f81dfa.zip
IP
23.248.177.66:443
ASN
#21859 ZEN-ECN

Certificate
IssuerBeijing Xinchacha Credit Management Co., Ltd.
Subject*.duifene.com
Fingerprint5C:CF:65:9D:85:2C:F9:BE:C6:A3:0C:21:F0:D3:2B:BA:B9:90:90:CA
ValidityFri, 17 Nov 2023 10:00:32 GMT - Sat, 16 Nov 2024 10:00:31 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (14786837 bytes)
Hash
2ec0e0e7d055702dcea2a4ce07f32402
e086173ce06ce49f7afb3509c893e1d4be73dd2a
860ecc15bc77ef592d85e151fab4afc5aac47bd1ef3c6a910a20c29b227dce31

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/65

HTTP Headers

GET /res/r2/u5926683/windows_x64_40438856f14841f81dfa.zip HTTP/1.1
Host: fs.duifene.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine/2.3.2
date: Tue, 16 Apr 2024 15:38:22 GMT
content-type: application/x-zip-compressed
content-length: 14786837
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
etag: "de08a426744bd0ed6b6f498b99169222-15"
last-modified: Tue, 11 Jul 2023 15:48:28 GMT
x-cos-hash-crc64ecma: 12354278770416577218
x-cos-request-id: NjVjNGUxODNfNGVlZDk4MWVfOTE4XzI0MWE0MGI=
age: 3955176
x-via-ucdn: HIT by 23.248.177.70, HIT by 222.186.148.191
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (39)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers