Report - cdn.pcspeedcat.com/setupit/products/pcat/payloads/base/pcspeedcat.zip

Report Overview

Submitted URL
cdn.pcspeedcat.com/setupit/products/pcat/payloads/base/pcspeedcat.zip
IP
108.157.229.63
ASN
#16509 AMAZON-02
Submitted
2024-04-26 08:26:40
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.pcspeedcat.com	unknown	2015-10-21	2017-02-06	2024-04-08	523 B	931 kB	108.157.229.63

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.pcspeedcat.com/setupit/products/pcat/payloads/base/pcspeedcat.zip
IP
108.157.229.63
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
931 kB (930726 bytes)
Hash
f40dd456840e05d7b0d63d36b3ec70e3
74cee66db568b66394b9cadbf4fc19ea096d5d40
6513d24e8862f357de98c1f021d1b084f635411014c148469d6d0a93ae539980

Archive (8)

Filename

Md5

File type

EULA.txt

4b77d72189e84d39d5ea079916d66fde

ASCII text, with very long lines (1635), with CRLF line terminators

gouninst.exe

7ea392259cdb68734cc0a9f1f024e075

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

goup3.exe

b1aff82589b9c5494c20b819d3289082

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

PCSpeedCat.exe

b8e9058d4444f617d1ebc17f38308d3e

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

PCSpeedCat.ico

5830636b2f06a230711ad998b0ba4b17

MS Windows icon resource - 6 icons, -128x-128, 32 bits/pixel, 64x64, 32 bits/pixel

res.res

6619ab78d71dc18bb13ae63e9d3ef77f

MSVC .res

Runapp.exe

381d6550a954e5271661399e106d759b

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

wmi.exe

1221411d31f9dcb3ae728fc48b68f925

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
VirusTotal	malicious	VirusTotal - Scan result 24/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.pcspeedcat.com/setupit/products/pcat/payloads/base/pcspeedcat.zip

108.157.229.63

200 OK

931 kB

URL User Request GET HTTP/2
cdn.pcspeedcat.com/setupit/products/pcat/payloads/base/pcspeedcat.zip
IP
108.157.229.63:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.pcspeedcat.com
Fingerprint2F:93:D5:F4:59:72:8B:9A:F6:75:39:3B:77:D7:8E:E0:52:31:7B:0C
ValidityWed, 26 Jul 2023 00:00:00 GMT - Fri, 23 Aug 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
931 kB (930726 bytes)
Hash
f40dd456840e05d7b0d63d36b3ec70e3
74cee66db568b66394b9cadbf4fc19ea096d5d40
6513d24e8862f357de98c1f021d1b084f635411014c148469d6d0a93ae539980

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 24/65

HTTP Headers

GET /setupit/products/pcat/payloads/base/pcspeedcat.zip HTTP/1.1
Host: cdn.pcspeedcat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 930726
date: Fri, 26 Apr 2024 08:23:22 GMT
server: Apache/2.4.18 (Ubuntu)
last-modified: Thu, 28 Feb 2019 21:33:05 GMT
etag: "e33a6-582fb091f4640"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 3346055bb53a57ebf02828b88e1ee87c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: i8wYO_FRAZ23Zpz0nlS4D7Vo3OKrbYD17LpXNHMhRZ8lkjpfoWoriw==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers