Report - www.ukrebs-software.de/download/back4sure/Back4Sure_Portable.zip

Report Overview

Submitted URL
www.ukrebs-software.de/download/back4sure/Back4Sure_Portable.zip
IP
81.169.145.77
ASN
#6724 Strato AG
Submitted
2024-04-17 10:22:38
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ukrebs-software.de	unknown	unknown	2014-02-20	2024-03-10	518 B	3.9 MB	81.169.145.77

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.ukrebs-software.de/download/back4sure/Back4Sure_Portable.zip
IP
81.169.145.77
ASN
#6724 Strato AG

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.9 MB (3933877 bytes)
Hash
3f60ce8bcab04c440709b7e57c7d20a6
757bafc9797c7779803c9a6c49fb1940b8acbf07
12b3ea173d01165662da5e01b53df32aea0b9e9a06a66e856a9a54868b3762c1

Archive (23)

Filename

Md5

File type

Back4Sure.exe

a6bd16a75033c4b77e6d29f640a263b0

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Back4Sure.ini

83a22083c20ed02666a2b80bda2a3a8b

Generic INItialization configuration [Usage]

Contact.txt

35849ceb2a10a380205d3ff52322ce96

ASCII text, with CRLF line terminators

DefaultJob.b4j

cf3a46b7dfa92acdf6cd1a6568ac25af

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Back4Sure.chm

966729adb7bef1a0bf6df71b6d5a1a5a

MS Windows HtmlHelp Data

Back4Sure.chm

6b9927afa90248d5e8931e65e8c184b7

MS Windows HtmlHelp Data

Ez7Zip.dll

ac178a5dfc3deb82a271062f2c721bec

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

FileAssociation.exe

d5be377d36e5c52d2151e880086587de

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Catalan.dll

de38b4a0fe24650de90fb43379284042

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Chinese.dll

5b0f4e62fef2efd23f024ce3c79a10ce

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Dutch.dll

3617472d2a2586fe079b5ac4de89c2c1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

French.dll

ce8f02f4ffdab945524c45fe590a39fb

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

German.dll

71675ba08e0ea22ca92dc616047c46a8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Italian.dll

d237882c538a47d1e0e732000615424e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

PortugueseBrazilian.dll

97799cd3960738e4a077689490795137

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Romanian.dll

487214fa8d8339c503740b0d93927db8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Russian.dll

1a29168aac13c6d614004ea0c0f9dacd

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Spanish.dll

048e533ad32da325c06ce1c1fb0d7d2f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

Swedish.dll

9e3d3c2653e7d5201b9a5eab2260e529

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

libeay32.dll

4066479240d76b49919b8799c40efbc1

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

License agreement.txt

5f38705d36b158e610aed08bd6220aff

ASCII text, with very long lines (380), with CRLF line terminators

OpenSSL License.txt

83d26c69f6f0172ee7f795790424b453

ASCII text

ssleay32.dll

721f686c46dd56611d6ba54bf3501b4c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.ukrebs-software.de/download/back4sure/Back4Sure_Portable.zip

81.169.145.77

200 OK

3.9 MB

URL User Request GET HTTP/2
www.ukrebs-software.de/download/back4sure/Back4Sure_Portable.zip
IP
81.169.145.77:443
ASN
#6724 Strato AG

Certificate
IssuerDigiCert Inc
Subjectwww.ukrebs-software.de
FingerprintA6:CA:F8:5C:E5:5B:C1:83:D8:5B:A0:F9:3D:2E:C9:5F:78:B2:FF:F3
ValidityMon, 19 Feb 2024 00:00:00 GMT - Wed, 05 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.9 MB (3933877 bytes)
Hash
3f60ce8bcab04c440709b7e57c7d20a6
757bafc9797c7779803c9a6c49fb1940b8acbf07
12b3ea173d01165662da5e01b53df32aea0b9e9a06a66e856a9a54868b3762c1

HTTP Headers

GET /download/back4sure/Back4Sure_Portable.zip HTTP/1.1
Host: www.ukrebs-software.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: User-Agent
last-modified: Sun, 10 Mar 2024 09:09:51 GMT
etag: "3c06b5-6134ac998b5c0"
accept-ranges: bytes
content-length: 3933877
content-type: application/zip
date: Wed, 17 Apr 2024 10:22:11 GMT
server: Apache/2.4.59 (Unix)
X-Firefox-Spdy: h2