Report Overview
Submitted URL
crm.jcrestorer.com/updata/khd.exe
IP
47.118.36.171ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-04-16 21:17:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5
Domain Summary
| Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
|---|---|---|---|---|---|---|---|
| crm.jcrestorer.com | unknown | 2017-02-06 | 2021-09-15 | 2024-04-13 | 487 B | 4.0 MB | 47.118.36.171 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-04-16 | medium | crm.jcrestorer.com/updata/khd.exe | meth_get_eip |
| 2024-04-16 | medium | crm.jcrestorer.com/updata/khd.exe | meth_peb_parsing |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
crm.jcrestorer.com/updata/khd.exe
IP
47.118.36.171ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
4.0 MB (3998720 bytes)
Hash
5cdf3f214234cddfe3a0368135ec98ab
50c1324d00ed1e1ea11613437e9e8ce619edfda3
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | meth_get_eip |
| YARAhub by abuse.ch | malware | meth_peb_parsing |
| VirusTotal | malicious |
JavaScript (0)
HTTP Transactions (1)
| URL | IP | Response | Size | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
crm.jcrestorer.com/updata/khd.exe | 47.118.36.171 | 200 HP Http Server OK | 4.0 MB | |||||||||||||
Detections
HTTP Headers
| ||||||||||||||||