Report - www.pce-instruments.com/us/software/pce-vd3.zip

Report Overview

Submitted URL
www.pce-instruments.com/us/software/pce-vd3.zip
IP
172.66.43.96
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 01:41:03
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.pce-instruments.com	unknown	2010-03-18	2015-01-21	2024-03-15	501 B	12 MB	172.66.40.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.pce-instruments.com/us/software/pce-vd3.zip
IP
172.66.40.160
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
12 MB (12051276 bytes)
Hash
c43d0958d874fe4956ad2538eaa6029a
a409b3378f0b97fb0ccedee188b2c100b8475efd
408b8ff0de1070c37fe7fe1c8fbb11ca9b9b54e8f2f71f566fef89f4076bc5d9

Archive (19)

Filename

Md5

File type

0x0409.ini

6c87581375d4e4789761b9833c2a1b4d

Generic INItialization configuration [Languages]

Autorun.inf

466bb5b7f0d94af1a7f73bb584ac98c9

Microsoft Windows Autorun file

USBXpress_Install.exe

9d873cd8a0b0baf7ca21601d2afd40fb

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

instmsia.exe

43f7305c2e5dd4a8f3c5abeb2ffe4833

PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

instmsiw.exe

61a5fb191ae2ae876db31dcce75e4183

PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

Datalogger.exe

95ce733cbc1325b916eeadb445f4a028

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Help.chm

7359b51c1721140bf8815aee41552535

MS Windows HtmlHelp Data

SiUSBXp.dll

372584e745a5a968aa02d7b969fb377b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

setup.exe

a5cb22a63930f76ef6b6460cf597654d

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Setup.ini

d1f41201aaf9d296f8ef1c6b2f901afd

Generic INItialization configuration [Startup]

SETUPGUIDE.exe

091214c918f90ee425d048c1eaab0888

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

asycfilt.dll

c89e401800de62e5702e085d898eed20

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

comcat.dll

3b180da2b50b954a55fe37afba58d428

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

mfc42.dll

71ad9ea933ace083add86bbe4f265d8b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcrt.dll

4300d1a092b91e7c8dfa6f1e5e7973b2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

oleaut32.dll

7b156d230278b8c914ef3f4169fec1cc

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

olepro32.dll

ce0155405ea902797e88b92a78443aeb

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

stdole2.tlb

1b02577f0addea32eb02a50d4a4cdd1e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Vibration Datalogger.msi

d5272d83cf23e6f8255ecbf3d3f75969

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Number of Pages: 200, Name of Creating Application: InstallShield? X - Express Edition 10.0, Last Saved Time/Date: Tue Oct 6 17:27:08 2009, Create Time/Date: Tue Oct 6 17:27:08 2009, Last Printed: Tue Oct 6 17:27:08 2009, Revision Number: {CB15CE13-DF4E-43E9-A6BB-C2133DCB22B2}, Code page: 1252, Template: Intel;1033

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer
YARAhub by abuse.ch	malware	detect_Redline_Stealer
VirusTotal	suspicious	VirusTotal - Scan result 6/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.pce-instruments.com/us/software/pce-vd3.zip

172.66.40.160

200 OK

12 MB

URL User Request GET HTTP/2
www.pce-instruments.com/us/software/pce-vd3.zip
IP
172.66.40.160:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpce-instruments.com
Fingerprint85:7F:EC:EF:F9:89:72:F0:9F:EF:6A:EB:6B:9B:E8:89:C3:A7:C5:93
ValidityFri, 08 Mar 2024 23:59:19 GMT - Thu, 06 Jun 2024 23:59:18 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
12 MB (12051276 bytes)
Hash
c43d0958d874fe4956ad2538eaa6029a
a409b3378f0b97fb0ccedee188b2c100b8475efd
408b8ff0de1070c37fe7fe1c8fbb11ca9b9b54e8f2f71f566fef89f4076bc5d9

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 6/63

HTTP Headers

GET /us/software/pce-vd3.zip HTTP/1.1
Host: www.pce-instruments.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 01:40:34 GMT
content-type: application/zip
content-length: 12051276
cf-ray: 8760f2919ae156b1-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: max-age=2678400
etag: "b7e34c-5e3497d172c81"
expires: Thu, 18 Apr 2024 01:40:34 GMT
last-modified: Fri, 08 Jul 2022 11:27:34 GMT
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers