Report - ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26

Report Overview

Submitted URL
ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip
IP
193.232.119.7
ASN
#61383 Research and Production Company Medicina-Tekhnika LLC
Submitted
2024-04-16 04:20:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ironlogic.ru	330000	2000-12-25	2015-03-13	2024-04-16	541 B	7.4 MB	193.232.119.7

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip
IP
193.232.119.7
ASN
#61383 Research and Production Company Medicina-Tekhnika LLC

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.4 MB (7381857 bytes)
Hash
a18ce995f0b113d61224779f799a0e7d
2973f3ed9bf29e5c2c13e040d529480dda3bebd9
9a7aeaeefe256da8c970aaa7b720a827232e3c5e7ec0a235e01a433ccebf14c6

Archive (73)

Filename

Md5

File type

ftbusui.dll

4ead6c8d6c2231630b2aea0d009964fc

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftcserco.dll

f38fee3bc3c3f610020f455a11182a3e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.lib

22937faf090d430afc8d575d9d8199a5

current ar archive

ftd2xx64.dll

8fa9b4938cc16c1c77f16dd3d199337a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftdibus.sys

7432bcf4ea11ca623ba45b09452b6802

PE32+ executable (native) x86-64, for MS Windows, 9 sections

ftlang.dll

ef85c4f7ec732f75464fe4f532d07bea

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftser2k.sys

7c3752d6ad5e6cfc0c49c7201ddcbd48

PE32+ executable (native) x86-64, for MS Windows, 10 sections

ftserui2.dll

d25899c640e904fc746b5c8035671561

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

CDM 2 12 26 Release Info.rtf

c79b716775b211f2223477b3cb339d98

Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025

ftd2xx.h

d00e424fb587281c98e0cd1d420a007c

C source, ISO-8859 text, with CRLF line terminators

ftdibus.cat

a640ad9237f1f5ca92bf78d8728ab001

DER Encoded PKCS#7 Signed Data

ftdibus.inf

0df184fb978c2dd9dd1c504a1b8b7ebf

ISO-8859 text, with CRLF line terminators

ftdiport.cat

b19765cd6a3cd0038eea5368069cb5b3

DER Encoded PKCS#7 Signed Data

ftdiport.inf

ddeabd50ce9a49091ecaf6807d6cb639

ISO-8859 text, with CRLF line terminators

ftbusui.dll

fce8d3d8dcfc5e142dfd41e6cb10a64e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftcserco.dll

5645ff83ce1973e3dc7fffa6e49fe1a2

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

ftd2xx.dll

2a6f27d337543222f0a6f81b1e09d02a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

4d1ef4d34a280e643fade1bdede7bb03

current ar archive

ftdibus.sys

76ac1a9b8b960e899d395168f72ff5fe

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftlang.dll

e2e3d242a0016909999002d65dbb6f9f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftser2k.sys

c352842a4fcdcd758e05af8c0b3e9922

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

ftserui2.dll

7f036fdb12c418b4bd96a0e00e4439ba

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

5f02de688d90cfcf59c77ea22fba3084

current ar archive

ftd2xx.lib

c76cc092c1e04a6490668724b99163f1

current ar archive

ftbusui.dll

7669949e4f39db932be591ef61e1c7eb

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftcserco.dll

92698e1a2090be437eb4bacc1cf7f37c

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.lib

804d7ce066ee98399068fe6c44820d78

current ar archive

ftd2xx64.dll

b35805cb0fefcc9fa3384c1cee873b59

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftdibus.sys

fa169871d8fadcc6539c4e8726610286

PE32+ executable (native) x86-64, for MS Windows, 8 sections

ftlang.dll

df57f18c4be9c4090c66e08743ef2f5e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftser2k.sys

24237091348d1efb5635a1cf9649e311

PE32+ executable (native) x86-64, for MS Windows, 9 sections

ftserui2.dll

67dfda0b101b2f45e8e6f4803453ec2f

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

CDM 2 08 14 Release Info.rtf

bb172a7d0d55b365cefb0ac5c99d53b9

Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025

ftd2xx.h

30c72676b95d747e80c54f096dd231bb

C source, ISO-8859 text, with CRLF line terminators

ftdibus.cat

9bceadb34de2d69f4b9dc424fb39ccf7

DER Encoded PKCS#7 Signed Data

ftdibus.inf

31d82a69c675a48f8e9e3541633904a7

Windows setup INFormation

ftdiport.cat

393a041ff1b86ef3e7e14347ea182423

DER Encoded PKCS#7 Signed Data

ftdiport.inf

bd4ba29b33ac0872f3335e15a6d8c407

Windows setup INFormation

ftbusui.dll

63bdb2d180f7e95adad61c7eae3a06c2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftcserco.dll

f8dbe346181964054bee41244f25f15e

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

ftd2xx.dll

e8d5d9e24e387409cf75a70ad12707c8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

388fb2db7ce951a79c7b92d23663906e

current ar archive

ftdibus.sys

aae37f0f2f613218dce17b42a18c38db

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftlang.dll

d999e02c52bdeb83c21db190a8890f38

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftser2k.sys

48bfd1ba45c9c9e7ab339e25abfba1d2

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

ftserui2.dll

fc326a62ac18e47a00ad1e45c10dd7b8

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

78c163b785b3b5994bd44a091dc38039

current ar archive

ftd2xx.lib

abd6bf4d1496cae69c41b59c7d5003e3

current ar archive

!readme_rus.txt

dda1f8a2d74303ca76e01ed3d05750d6

Non-ISO extended-ASCII text, with CRLF line terminators

FTD2XX.DLL

be022a10e3b3b2e02b62d3d40ac37a62

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

FTD2XX.H

2014dd8466c2038bc6161dff1e9c68ff

C source, ASCII text, with CRLF line terminators

FTD2XX.INF

f8da01c93dac4cc8c7e955a5f1bc8daa

Windows setup INFormation

FTD2XX.LIB

2ab9146f7cf966bead8a67c25700c1f7

current ar archive

FTD2XX.SYS

07a83a2e070357075c2056810c67c9e4

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

FTD2XXUN.INI

5618edacaf85b928cf707385da3ecb7f

ASCII text, with CRLF line terminators

FTDIUNIN.EXE

6570c5bc7f398f7d48f78998352a923a

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

remove.bat

d2db045dab6d8450f53e19fb546c2da4

ASCII text, with CRLF line terminators

CDMUninstaller.exe

67869321a8eeb1cab1d340123e78bde9

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

CDMUninstaller.txt

ce8f4c0c0711aa7c3dfbdf7ad65ddc70

ASCII text, with very long lines (334), with CRLF line terminators

log_09-03-2019.txt

c1eb9e9aa1344d5794606ab2c9c57ec1

ASCII text, with CRLF line terminators

log_09-09-2016.txt

6cdc47c0a6c7a9dfd5705e65e262e323

ASCII text, with CRLF line terminators

log_29-07-2015.txt

9b8f60c57d996fe25266cc3fe3085f1a

ASCII text, with CRLF line terminators

remove.bat

0d2f7c2e51f553144025bdc45ed751fe

ASCII text, with CRLF line terminators

How to Disable Driver Signature Verification on 64-Bit Windows 8.1 or 10 (So That You Can Install Unsigned Drivers).url

a574157367f00efb10ff1b661aff3053

MS Windows 95 Internet shortcut text (URL=<http://www.howtogeek.com/167723/how-to-disable-driver-signature-verification-on-64-bit-windows-8.1-so-that-you-can-install-unsi>), ASCII text, with CRLF line terminators

How To Install Any Digitally Unsigned Drivers On Windows 8.url

0540d50bb691a747f8fc8b3fdb453ac0

MS Windows 95 Internet shortcut text (URL=<http://www.addictivetips.com/windows-tips/how-to-install-any-digitally-unsigned-drivers-on-windows-8/>), ASCII text, with CRLF line terminators

��⠭�� ᠭ�� ࠩ��஢ � Windows 8.pdf

40592805d653acae5f441dd6c7bd29d6

PDF document, version 1.5, 1 pages

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 10_v1.pdf

8af288d6b25fad53eba4e5bd3d3c5115

PDF document, version 1.5, 2 pages

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 10_v2.pdf

765b2a84c66d111efcd74d717b9b378b

PDF document, version 1.5, 2 pages

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 10_v3.pdf

10c862d853b56c8f83ffc9ffa8d70a1c

PDF document, version 1.5, 1 pages

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 11_v2.pdf

6c27da43f6f35bca853b535a35639bec

PDF document, version 1.5, 2 pages

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 11_v1.pdf

c0816beac108bf73b0d47df7c97683bb

PDF document, version 1.5, 1 pages

�� ⠭�� ࠩ��஢_v5.docx

49407881b9eb0e4a76ef42a6b8c1c71d

Microsoft Word 2007+

�⪫�祭�� 易⥫쭮� �஢�ન �� ࠩ��஢ � Windows 10_v4.pdf

b75ef15289c050d144d0645991cd90d3

PDF document, version 1.7, 3 pages

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip	193.232.119.7	200 OK	7.4 MB
URL User Request GET HTTP/1.1 ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip IP 193.232.119.7:443 ASN #61383 Research and Production Company Medicina-Tekhnika LLC Certificate IssuerLet's Encrypt Subjectironlogic.ru Fingerprint72:2A:DF:91:9C:43:AF:C0:A7:06:A2:EE:95:5B:90:E1:68:D5:D3:67 ValiditySat, 02 Mar 2024 00:51:40 GMT - Fri, 31 May 2024 00:51:39 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 7.4 MB (7381857 bytes) Hash a18ce995f0b113d61224779f799a0e7d 2973f3ed9bf29e5c2c13e040d529480dda3bebd9 9a7aeaeefe256da8c970aaa7b720a827232e3c5e7ec0a235e01a433ccebf14c6 HTTP Headers GET /il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip HTTP/1.1 Host: ironlogic.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 16 Apr 2024 04:20:27 GMT Content-Type: application/x-zip Content-Length: 7381857 Connection: keep-alive Last-Modified: Sun, 07 Apr 2024 06:02:45 GMT X-Content-Type-Option: nosniff Accept-Ranges: bytes ETag: W/"MTAtMDAwMi0wLTQ0MjU4QUY4MDAyMTM1QzItODE1ODMyN0IwOUU1NEFDMjQ0MjU4QUY4MDAyMTM1Qjg="`

ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip

193.232.119.7

200 OK

7.4 MB

URL User Request GET HTTP/1.1
ironlogic.ru/il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip
IP
193.232.119.7:443
ASN
#61383 Research and Production Company Medicina-Tekhnika LLC

Certificate
IssuerLet's Encrypt
Subjectironlogic.ru
Fingerprint72:2A:DF:91:9C:43:AF:C0:A7:06:A2:EE:95:5B:90:E1:68:D5:D3:67
ValiditySat, 02 Mar 2024 00:51:40 GMT - Fri, 31 May 2024 00:51:39 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.4 MB (7381857 bytes)
Hash
a18ce995f0b113d61224779f799a0e7d
2973f3ed9bf29e5c2c13e040d529480dda3bebd9
9a7aeaeefe256da8c970aaa7b720a827232e3c5e7ec0a235e01a433ccebf14c6

HTTP Headers

GET /il.nsf/file/ru_drv_z2_z397_v2.12.26_6.zip/$FILE/drv_z2_z397_v2.12.26_6.zip HTTP/1.1
Host: ironlogic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 16 Apr 2024 04:20:27 GMT
Content-Type: application/x-zip
Content-Length: 7381857
Connection: keep-alive
Last-Modified: Sun, 07 Apr 2024 06:02:45 GMT
X-Content-Type-Option: nosniff
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTQ0MjU4QUY4MDAyMTM1QzItODE1ODMyN0IwOUU1NEFDMjQ0MjU4QUY4MDAyMTM1Qjg="

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (73)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers