Report - drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel

Report Overview

Submitted URL
drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip
IP
193.17.93.93
ASN
#210756 EdgeCenter LLC
Submitted
2024-04-16 11:49:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
drv.dns-shop.ru	unknown	2006-09-26	2023-03-27	2024-04-14	549 B	67 kB	193.17.93.93

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip
IP
193.17.93.93
ASN
#210756 EdgeCenter LLC

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
66 kB (66543 bytes)
Hash
5f1e300411c562fc9d4320524ddfa456
d04f322100fce768594648e2bf2e5a0e19b005c7
2702064a2ee9e8c243200a1d598e1b7eaacccafafb552fbf07998b98482ddb91

Archive (6)

Filename

Md5

File type

CHANGELOG.md

291cd3b562799f402987eae2c73a3d52

ASCII text

gna.cat

bd298ef4a1c3fe5895f38aee3e38da37

DER Encoded PKCS#7 Signed Data

gna.inf

cb769bf20e97e53a0d25dc32bd9fbd05

Windows setup INFormation

gna.sys

6ea3a12f265cb170ff3ed395ab507181

PE32+ executable (native) x86-64, for MS Windows, 8 sections

SetupInf.exe

5b6fb7427de667cb150c206c48b3531c

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

SetupInf.ini

f49fecd7f9364acc725494ff1d62b2e9

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip	193.17.93.93	200 OK	66 kB
URL User Request GET HTTP/2 drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip IP 193.17.93.93:443 ASN #210756 EdgeCenter LLC Certificate IssuerGlobalSign nv-sa Subject.dns-shop.ru Fingerprint60:1B:CD:BC:F4:12:1A:0E:F9:9B:29:95:E3:5E:CA:0A:99:D9:89:D0 ValidityTue, 06 Jun 2023 01:21:03 GMT - Sun, 07 Jul 2024 01:21:02 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 66 kB (66543 bytes) Hash 5f1e300411c562fc9d4320524ddfa456 d04f322100fce768594648e2bf2e5a0e19b005c7 2702064a2ee9e8c243200a1d598e1b7eaacccafafb552fbf07998b98482ddb91 HTTP Headers GET /1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip HTTP/1.1 Host: drv.dns-shop.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Tue, 16 Apr 2024 11:49:09 GMT content-type: application/octet-stream content-length: 66543 etag: "5f1e300411c562fc9d4320524ddfa456" last-modified: Mon, 06 Mar 2023 00:56:20 GMT x-amz-meta-s3b-last-modified: 20230303T010238Z x-amz-meta-sha256: 2702064a2ee9e8c243200a1d598e1b7eaacccafafb552fbf07998b98482ddb91 x-amz-request-id: 7a1a5f06eb8fdd34 cache: MISS x-node: m9-up-gc19 accept-ranges: bytes X-Firefox-Spdy: h2`

drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip

193.17.93.93

200 OK

66 kB

URL User Request GET HTTP/2
drv.dns-shop.ru/1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip
IP
193.17.93.93:443
ASN
#210756 EdgeCenter LLC

Certificate
IssuerGlobalSign nv-sa
Subject*.dns-shop.ru
Fingerprint60:1B:CD:BC:F4:12:1A:0E:F9:9B:29:95:E3:5E:CA:0A:99:D9:89:D0
ValidityTue, 06 Jun 2023 01:21:03 GMT - Sun, 07 Jul 2024 01:21:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
66 kB (66543 bytes)
Hash
5f1e300411c562fc9d4320524ddfa456
d04f322100fce768594648e2bf2e5a0e19b005c7
2702064a2ee9e8c243200a1d598e1b7eaacccafafb552fbf07998b98482ddb91

HTTP Headers

GET /1.%20drivers/1.%20drivers/Laptop/ArdorGaming/5082627,5082628/Intel_Graphics.zip HTTP/1.1
Host: drv.dns-shop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 11:49:09 GMT
content-type: application/octet-stream
content-length: 66543
etag: "5f1e300411c562fc9d4320524ddfa456"
last-modified: Mon, 06 Mar 2023 00:56:20 GMT
x-amz-meta-s3b-last-modified: 20230303T010238Z
x-amz-meta-sha256: 2702064a2ee9e8c243200a1d598e1b7eaacccafafb552fbf07998b98482ddb91
x-amz-request-id: 7a1a5f06eb8fdd34
cache: MISS
x-node: m9-up-gc19
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers