Report - pdds-cdn.quark.cn/27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0

Report Overview

Submitted URL
pdds-cdn.quark.cn/27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0
IP
61.170.80.227
ASN
#4812 China Telecom Group
Submitted
2024-04-18 09:42:04
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pdds-cdn.quark.cn	unknown	2012-06-18	2023-03-07	2024-04-10	652 B	4.3 MB	61.170.80.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pdds-cdn.quark.cn/27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0
IP
61.170.80.230
ASN
#4812 China Telecom Group

File type
Zip archive data, at least v1.0 to extract, compression method=deflate
Size
4.3 MB (4279128 bytes)
Hash
3fd61c3fdc86e62f93af69a11768a975
103f8b2559e2012663e4addd95c7835a430505c4
98358977ec7227bce49444756d928c15d6cfeb3a2d1b07775cd17c274d03b1c3

Archive (8)

Filename

Md5

File type

libweexcore.so

051ad098d4c45a9c269a2c5ba4325b47

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libJavaScriptCore.so

21a5ddb6ec4d6aee84e38a2a27d844d6

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libweexjss.so

ae0f42eb56b1c53bc57cb58d71edad1c

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libWeexEagle.so

1a890b288e3f4e00fbf6aa6f8014c926

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libweexjssr.so

ea9b148223766f5e96e2f85da4de917c

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libweexjsb.so

19d4fba0d7b32b7abd4a588a7bc76d4d

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libweexjst.so

19d4fba0d7b32b7abd4a588a7bc76d4d

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libWTF.so

f2d54f165d1e199bfbd6299c27498e21

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

pdds-cdn.quark.cn/27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0

61.170.80.230

200 OK

4.3 MB

URL User Request GET HTTP/1.1
pdds-cdn.quark.cn/27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0
IP
61.170.80.230:443
ASN
#4812 China Telecom Group

Certificate
IssuerGlobalSign nv-sa
Subjectpdds-cdn.quark.cn
Fingerprint35:31:5A:7D:83:7E:0C:93:64:56:AF:B6:98:39:31:20:46:D0:B4:A0
ValidityMon, 25 Mar 2024 07:56:08 GMT - Sat, 26 Apr 2025 07:56:07 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=deflate
Size
4.3 MB (4279128 bytes)
Hash
3fd61c3fdc86e62f93af69a11768a975
103f8b2559e2012663e4addd95c7835a430505c4
98358977ec7227bce49444756d928c15d6cfeb3a2d1b07775cd17c274d03b1c3

HTTP Headers

GET /27-4/stfile/2109/3fd61c3fdc86e62f93af69a11768a975/weex-arm64-v8a-20210928152626.zip?auth_key=1714038075-0-0-32bbb99f2ab6676020f34bc0171585c2&SESSID=1eff081de57bddb7f524595a9d1fdce0 HTTP/1.1
Host: pdds-cdn.quark.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/zip
Content-Length: 4279128
Connection: keep-alive
Date: Thu, 18 Apr 2024 09:41:08 GMT
x-oss-request-id: 6620EAB4754D1C383190322D
x-oss-cdn-auth: success
Accept-Ranges: bytes
x-oss-object-type: Multipart
x-oss-storage-class: Standard
x-oss-server-time: 68
Ali-Swift-Global-Savetime: 1713433268
Via: cache15.l2cn1827[0,0,304-0,H], cache57.l2cn1827[1,0], vcache15.cn6012[0,0,200-0,H], vcache11.cn6012[10,0]
ETag: "F3460542DDCE957A5AF5D976A024B444-5"
Last-Modified: Tue, 28 Sep 2021 07:31:48 GMT
x-oss-hash-crc64ecma: 11116929286513430265
Age: 30
X-Cache: HIT TCP_MEM_HIT dirn:6:1443304753 mlen:0
X-Swift-SaveTime: Thu, 18 Apr 2024 09:41:15 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 3daa501f17134332980258557e