Report - truboprovod.ru/download/soft/common/PASS_KeySt_LMS.zip

Report Overview

Submitted URL
truboprovod.ru/download/soft/common/PASS_KeySt_LMS.zip
IP
62.141.103.146
ASN
#3216 PVimpelCom
Submitted
2024-04-17 05:56:48
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
truboprovod.ru	unknown	2001-01-25	2015-02-21	2024-03-24	508 B	17 MB	62.141.103.146

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
truboprovod.ru/download/soft/common/PASS_KeySt_LMS.zip
IP
62.141.103.146
ASN
#3216 PVimpelCom

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16849672 bytes)
Hash
3ff79234b9aafb743ca5debe36efd2b2
c3cd01fec6a4a63fc6b371efb406c2d1d3e25231
a1e64fe66f75941a896e77a11b5c15d6c7ae5f3f9011c4a4ca1a2fa3434edc65

Archive (22)

Filename

Md5

File type

sx32w.dll

1662680636edf88f9c02c569957dd1f8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

USAFE32.DLL

3badaed8105842e1e3942be71db98fe5

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

wxbase32u_vc14x.dll

d7b475e7c3d842cfea6a33e1195bb655

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

wxmsw32u_core_vc14x.dll

b9867b35efd74447b790a4653d2a99de

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

643.mo

84f00f0a5b4e7624230f17ba0aafa2d0

GNU message catalog (little endian), revision 0.0, 98 messages, Project-Id-Version: keyst 1.0 ' Код: '

exit2blue16.png

3b8f33e6894379fa188b184a58725261

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

exit3blue16.png

f3f87f69cc6cf1d01b7107c354021188

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

exitblue16.png

83a72aff66800354d752583dfb9e16fc

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

recordblue16.png

beafa959c1810c9f636d209dccb40d12

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

recordgreen16.png

2f80ae0a735a06df0a52b9fbf9b2a0fc

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

recordred16.png

51d39ce043c5b6d7bee3c8ccd5ee8178

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

refresh.png

83bc299be25e8e7c8a1f6303cc130ffd

PNG image data, 32 x 32, 8-bit colormap, non-interlaced

refreshblue16.png

92586d8da69d9d6f17a6e703b7e24b1f

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

refreshgreen16.png

4039cbbe2d4bfb470eea5b07370b08fd

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

save16.png

ad949106e1d7404e2a283dbeea2616ce

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

save32.png

3426a6a5c77f0d037bcc529ed7e6eb5c

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

savefile16.png

3446f6a53b63835f4c388689deb95c2f

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

savefile32.png

6fff0216552458ea7c39b88a0fc65ab1

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

ssp2hl_upgrade.exe

55742e26d8f4865746db5241fdabeae5

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

Thumbs.db

4c1e54e2b020d5b6308870606193080a

Composite Document File V2 Document, Cannot read section info

keyst.exe

0893dcf4ac1ef0532e4288332a466440

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

sntl_licgen_windows.dll

3074e8bc2636a74157ab81d4d10da54f

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

truboprovod.ru/download/soft/common/PASS_KeySt_LMS.zip

62.141.103.146

200 OK

17 MB

URL User Request GET HTTP/1.1
truboprovod.ru/download/soft/common/PASS_KeySt_LMS.zip
IP
62.141.103.146:443
ASN
#3216 PVimpelCom

Certificate
IssuerLet's Encrypt
Subjecttruboprovod.ru
Fingerprint2D:EA:C1:4A:3B:A4:A4:CC:94:0D:ED:5F:36:33:7C:83:5E:49:76:DC
ValidityThu, 15 Feb 2024 07:14:07 GMT - Wed, 15 May 2024 07:14:06 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16849672 bytes)
Hash
3ff79234b9aafb743ca5debe36efd2b2
c3cd01fec6a4a63fc6b371efb406c2d1d3e25231
a1e64fe66f75941a896e77a11b5c15d6c7ae5f3f9011c4a4ca1a2fa3434edc65

HTTP Headers

GET /download/soft/common/PASS_KeySt_LMS.zip HTTP/1.1
Host: truboprovod.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 05:56:32 GMT
Server: Apache
Set-Cookie: PHPSESSID=781b061bfb24430d0b0c70dcffa9db1c; expires=Fri, 17-May-2024 05:56:32 GMT; Max-Age=2592000; path=/
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Length: 16849672
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip