Report - dl-dr-4.xyz/drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116

Report Overview

Submitted URL
dl-dr-4.xyz/drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116_old-drp.zip
IP
89.41.180.201
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-19 15:48:57
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl-dr-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-18	520 B	3.2 MB	89.41.180.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-19 15:48:30	medium	89.41.180.201	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	dl-dr-4.xyz	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
dl-dr-4.xyz/drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116_old-drp.zip
IP
89.41.180.201
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.2 MB (3205065 bytes)
Hash
d921e523ab9d8dde0ce63cb32919533b
611a816fa2fd8bdf4ea02d9bbc2926b5b2d9e51c
3e433f2beb283cc917a020dd14b6dff25846fb798b726e421b61a9daa1971207

Archive (15)

Filename

Md5

File type

BPRGInst.exe

e547c8455d13e201f1bbbd4170052774

PE32+ executable (console) x86-64, for MS Windows, 6 sections

WdfCoinstaller01011.dll

d10864c1730172780c2d4be633b9220a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections

WiGigClassInstaller.dll

157811eb297653cd1fbe60d9ac2a2c34

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

iWiGiG.inf

0c657e1e2f01c5f9f950cd9881874565

Windows setup INFormation

iWiGiG.sys

96e4bde1f365f8eaa25a585baebe7bfb

PE32+ executable (native) x86-64, for MS Windows, 8 sections

iWiGigUM.dll

80509a06ea976e4599c73e5344b30369

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

iWiGigUM.inf

132f6489f92c56b4abf0106c5d3a77f7

Windows setup INFormation

imausbhpal.cat

9b8da1d15ebb13b8cb74de05375fad73

DER Encoded PKCS#7 Signed Data

imausbhpal.inf

6014b2c60fa239a059d5e9854d6a8980

Windows setup INFormation

imausbhpal.sys

41618c755c1995b8886a5af30abf99e9

PE32+ executable (native) x86-64, for MS Windows, 8 sections

imausbhub.cat

8f3d20bb1301141b4fa42acd910cd1f6

DER Encoded PKCS#7 Signed Data

imausbhub.inf

a01837a1cddb5e6e7f15f9c0a56aae23

Windows setup INFormation

imausbhub.sys

8b2d6e2dcedc8bfae9c8d2204357fbea

PE32+ executable (native) x86-64, for MS Windows, 10 sections

iwigig.cat

8d58b97f95b00bd918d7b0b2322eb240

DER Encoded PKCS#7 Signed Data

iwigigum.cat

5df27fb549d15585c18219031b50cb57

DER Encoded PKCS#7 Signed Data

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

dl-dr-4.xyz/drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116_old-drp.zip

89.41.180.201

200 OK

3.2 MB

URL User Request GET HTTP/1.1
dl-dr-4.xyz/drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116_old-drp.zip
IP
89.41.180.201:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectdl-dr-4.xyz
Fingerprint53:DD:DB:48:8D:08:FB:F2:91:BC:7E:7F:53:67:F2:0A:7A:45:32:C1
ValidityMon, 12 Feb 2024 17:40:09 GMT - Sun, 12 May 2024 17:40:08 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.2 MB (3205065 bytes)
Hash
d921e523ab9d8dde0ce63cb32919533b
611a816fa2fd8bdf4ea02d9bbc2926b5b2d9e51c
3e433f2beb283cc917a020dd14b6dff25846fb798b726e421b61a9daa1971207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /drv/old/Intel-FORCED-81x64-WIGIG_3.0.33116_old-drp.zip HTTP/1.1
Host: dl-dr-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Fri, 19 Apr 2024 15:48:30 GMT
Content-Type: application/zip
Content-Length: 3205065
Last-Modified: Sat, 23 Mar 2024 18:36:21 GMT
Connection: keep-alive
ETag: "65ff2125-30e7c9"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (15)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers