Report - cdn.semkrill.ru/installer/SandeLLoCHECKER_Installer-FILES.7z

Report Overview

Submitted URL
cdn.semkrill.ru/installer/SandeLLoCHECKER_Installer-FILES.7z
IP
104.21.19.10
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 06:51:40
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.semkrill.ru	unknown	2023-01-25	2023-07-06	2024-04-15	514 B	12 MB	172.67.184.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.semkrill.ru/installer/SandeLLoCHECKER_Installer-FILES.7z
IP
172.67.184.109
ASN
#13335 CLOUDFLARENET

File type
7-zip archive data, version 0.4
Size
12 MB (12251861 bytes)
Hash
f063063d0d033da8fa0380d86824e3af
093da2ee11d41dd7c13c4a7354a0014d0fa9d8bb
66640db6960dd9173483e3531f9978a74336492306e57dbf3902ca06ba29fff2

Archive (27)

Filename

Md5

File type

reg1.bat

71c2ab4ba40883fbf4713878a29ebcae

DOS batch file, ASCII text, with CRLF line terminators

reg2.bat

847e532991368d9cb63efacd08bcc2fe

DOS batch file, ASCII text, with CRLF line terminators

reg3.bat

d4cc8149be4959f1ad36ede98a99ca26

DOS batch file, ASCII text, with CRLF line terminators

reg4.bat

3ebe1534098a9d20fd7a14de1194ff83

DOS batch file, ASCII text, with CRLF line terminators

reg5.bat

bba9311f50d2704b6197520a99b1bf77

DOS batch file, ASCII text, with CRLF line terminators

steam_appid.txt

d5cfead94f5350c12c322b5b664544c1

ASCII text, with no line terminators

AppUpdater.exe

d559499e96b45ef1abdd4f35c89663d7

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

BrowserDownloadsView.exe

118968b09619b304e29d77c7b41402b7

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

DevManView.exe

9aa355d3d48e8a811a226f7320ad5aec

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

ExecutedProgramsList.exe

7366668cc7eaa1068a38cc2761217fc4

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

JumpListsView.exe

1a7524a3f7443c3e041774d5f372142c

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

MUICacheView.exe

e999c811b919c420d5657a484cecdd61

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

regjump.exe

0754f552bf43d0ea03e7ffae3764f76c

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

SandeLLo CHECKER.exe

299d46d51493467d70eaa05661e28e4d

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

shellbag.exe

463058236a0d84f8f8982d946eed0e07

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

UserAssistView.exe

f36530f46a34516be38521ee9a134d28

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

DotNetZip.dll

a999d7f3807564cc816c16f862a60bbe

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

081d9558bbb7adce142da153b2d5577a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Steamworks.NET.dll

c5b797a84429fb737e8a09846e3a6901

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

steam_api.dll

fe8e00c889a156836d57919ca23cde50

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WindowsInput.dll

d711daf0138d35bdb878e397e0abb7c0

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

BrowserDownloadsView.cfg

2808115146d3886750a27994323846d8

ASCII text, with CRLF line terminators

DevManView.cfg

299577528f4a6adcac86b36f920b8032

Generic INItialization configuration [RecentFiles]

ExecutedProgramsList.cfg

4edc075d18603600c3b30206fcc058f4

ASCII text, with CRLF line terminators

JumpListsView.cfg

4ccd997c204b66073d071546be6273ab

ASCII text, with CRLF line terminators

MUICacheView.cfg

d42eb06e18177a8fbac1c51775a29d75

ASCII text, with CRLF line terminators

UserAssistView.cfg

d2341fdf2dadc9672794d09138c378ee

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
VirusTotal	malicious	VirusTotal - Scan result 23/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.semkrill.ru/installer/SandeLLoCHECKER_Installer-FILES.7z

172.67.184.109

200 OK

12 MB

URL User Request GET HTTP/2
cdn.semkrill.ru/installer/SandeLLoCHECKER_Installer-FILES.7z
IP
172.67.184.109:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsemkrill.ru
FingerprintCE:55:81:CF:08:BF:0F:0E:0A:ED:26:EE:3C:31:5D:CE:66:9F:7E:E3
ValidityFri, 15 Mar 2024 10:31:08 GMT - Thu, 13 Jun 2024 10:31:07 GMT

File type
7-zip archive data, version 0.4
Size
12 MB (12251861 bytes)
Hash
f063063d0d033da8fa0380d86824e3af
093da2ee11d41dd7c13c4a7354a0014d0fa9d8bb
66640db6960dd9173483e3531f9978a74336492306e57dbf3902ca06ba29fff2

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/61

HTTP Headers

GET /installer/SandeLLoCHECKER_Installer-FILES.7z HTTP/1.1
Host: cdn.semkrill.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 06:51:10 GMT
content-length: 12251861
last-modified: Sat, 07 Oct 2023 12:44:57 GMT
etag: "baf2d5-6071fb976a2b3"
strict-transport-security: max-age=31536000;
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jZioyOOAYCQ3%2F8k%2FWxoikvF%2Bq8Q%2B1JgJsophq1BOP5lGqCN8pT4nrnErAjoZdPrsF9zJ%2B0gaOQJ0wIV0f60EVD1zC%2BJkYHbfg7bQy4X6EoldcEAT0crYw0cMFoxbgc%2FvXj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875a7c2f694f9312-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2