Report - ftp.noadmin.net/software/ventoy-1.0.79-windows.zip

Report Overview

Submitted URL
ftp.noadmin.net/software/ventoy-1.0.79-windows.zip
IP
176.118.218.37
ASN
#60042 OnTelecom LLC
Submitted
2024-04-23 09:02:50
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ftp.noadmin.net	unknown	2020-02-17	2018-07-08	2023-08-24	504 B	16 MB	176.118.218.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
ftp.noadmin.net/software/ventoy-1.0.79-windows.zip
IP
176.118.218.37
ASN
#60042 OnTelecom LLC

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
16 MB (15970438 bytes)
Hash
1c41fe08c7fe3aa5a6445e3ea5c846a2
3010a9012db49f7d2f66255c0516f5a58b431646
8d54aa5c12d15c6813a8a184198caf9aeb24be0f3a4af68d2dda011cfea2e13f

Archive (43)

Filename

Md5

File type

ventoy.disk.img.xz

e1dd1389b2588d9987ab76e414705957

XZ compressed data, checksum CRC32

plugson.tar.xz

2c18d3f649ad2de63214d88a3739f57e

XZ compressed data, checksum CRC32

version

9e3465aaf8997f1f26187c7400552ade

ASCII text

languages.json

e1075f096dff02f78125b6ee046de9ca

JSON text data

VentoyVlnk.exe

8e84aa749ac62d5dceb600cec8d86c96

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

FOR_X64_ARM.txt

94998e1249f884640f91dbdf91fe45c9

Unicode text, UTF-8 text

Ventoy2Disk.exe

171111f94a4aa4d0b54552c838c5d63a

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Ventoy2Disk_ARM.exe

d979ec43bae549ed9d30642ffefd2b90

PE32 executable (GUI) ARMv7 Thumb, for MS Windows, 6 sections

Ventoy2Disk_ARM64.exe

14d974a52afe055596fb057ff333892b

PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections

Ventoy2Disk_X64.exe

398458affcb863db784a95f3d47c14bf

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

VentoyPlugson.exe

f663a08ec90cff8b55d2082d6cc02279

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ventoy_grub.cfg

bec7c7b9bb1e31b7d7d0b43de4dc77b1

ASCII text, with CRLF line terminators

menu_n.png

30b99aad83160bd8dd454a77d7dce320

PNG image data, 4 x 30, 8-bit/color RGBA, non-interlaced

menu_ne.png

5f986d2a559c125c7f5ad53cb8ae1ffb

PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced

slider_c.png

78f3cf1f0a89c23ce77f88bd5766ef8b

PNG image data, 20 x 4, 8-bit/color RGBA, non-interlaced

select_c.png

ccf38080aa59a45a428b87fa118517f2

PNG image data, 638 x 36, 8-bit/color RGBA, non-interlaced

terminal_box_s.png

e9d31235fc9a340e011504aa0089e45c

PNG image data, 64 x 16, 8-bit/color RGBA, non-interlaced

slider_s.png

331a0ff0e59b6c07f4c8cce6fe40a4eb

PNG image data, 20 x 8, 8-bit/color RGBA, non-interlaced

menu_sw.png

b006d2411337a639cbeac256aa57c946

PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced

terminal_box_c.png

3d8e1449a7635dea68854f0446d5dcbd

PNG image data, 64 x 34, 8-bit/color RGBA, non-interlaced

menu_w.png

60fd48b0d579f8cb33ce546a1369a3ab

PNG image data, 30 x 4, 8-bit/color RGBA, non-interlaced

terminal_box_ne.png

89ccc6f15794df7ea4e7fb33e307cd3e

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

terminal_box_w.png

949a1c2efa81f796c06980aa5fe57eed

PNG image data, 16 x 34, 8-bit/color RGBA, non-interlaced

terminal_box_e.png

973d079cb276bf0186ad944b1cc49832

PNG image data, 16 x 34, 8-bit/color RGBA, non-interlaced

slider_n.png

4c866b14c5797eb57d95979369769324

PNG image data, 20 x 8, 8-bit/color RGBA, non-interlaced

terminal_box_nw.png

59f35a9c57ae1e07da9c5ed5b4f1541f

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

menu_e.png

60fd48b0d579f8cb33ce546a1369a3ab

PNG image data, 30 x 4, 8-bit/color RGBA, non-interlaced

terminal_box_sw.png

d3ea83db1f97b7c2925ac1f71fe9d005

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

menu_c.png

254f25b6899730c5e538de43e095073f

PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced

ubuntu.png

06254c11cd10717004d7e2e11231ba95

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

deepin.png

a3dd1806a6cbf073a8b2b69a7e79264e

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

vtoyiso.png

a59484cd7ac471f710c1516dbde0a069

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

red-hat.png

43bfedc2ba25a0b88afc593f77f9a2cb

PNG image data, 42 x 32, 8-bit/color RGBA, non-interlaced

background.png

8b34b7f3f638f41b371b64bebe1eab12

PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced

menu_s.png

2b7e4741bc7acf18181a6ec03a1d8a5f

PNG image data, 4 x 30, 8-bit/color RGBA, non-interlaced

terminal_box_n.png

20df2580f580222fd599f0c0b239c4de

PNG image data, 64 x 16, 8-bit/color RGBA, non-interlaced

terminal_box_se.png

f8ecc6c3f34b5bfd4dcd033e20d11f8a

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

menu_nw.png

5f986d2a559c125c7f5ad53cb8ae1ffb

PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced

menu_se.png

b006d2411337a639cbeac256aa57c946

PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced

theme.txt

105fcdf7662f30a65f0b80a0d295c764

ASCII text

ventoy.json

3484f707a36c7927f0671eb213580ac0

JSON text data

boot.img

d2de3b327325bf2b5a90d24f9c6d6bae

DOS/MBR boot sector

core.img.xz

2fe49591e2eeb25e7bbc32d75facdaf5

XZ compressed data, checksum CRC32

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/68

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

ftp.noadmin.net/software/ventoy-1.0.79-windows.zip

176.118.218.37

200 OK

16 MB

URL User Request GET HTTP/1.1
ftp.noadmin.net/software/ventoy-1.0.79-windows.zip
IP
176.118.218.37:443
ASN
#60042 OnTelecom LLC

Certificate
IssuerLet's Encrypt
Subjectftp.noadmin.net
Fingerprint61:99:9D:15:AE:16:BC:85:30:3F:97:6C:29:2E:9F:85:BC:0E:AC:61
ValiditySun, 21 Apr 2024 03:55:07 GMT - Sat, 20 Jul 2024 03:55:06 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
16 MB (15970438 bytes)
Hash
1c41fe08c7fe3aa5a6445e3ea5c846a2
3010a9012db49f7d2f66255c0516f5a58b431646
8d54aa5c12d15c6813a8a184198caf9aeb24be0f3a4af68d2dda011cfea2e13f

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

HTTP Headers

GET /software/ventoy-1.0.79-windows.zip HTTP/1.1
Host: ftp.noadmin.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 23 Apr 2024 09:02:21 GMT
Content-Type: application/zip
Content-Length: 15970438
Last-Modified: Tue, 02 Aug 2022 08:28:12 GMT
Connection: keep-alive
ETag: "62e8e01c-f3b086"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (43)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers