Report - github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9652.1/Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z

Report Overview

Submitted URL
github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9652.1/Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-04-24 13:48:48
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	569 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-24	1.0 kB	19 MB	185.199.111.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/dbebd463-f177-4413-ba3f-77239080918e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T134747Z&X-Amz-Expires=300&X-Amz-Signature=d56e1ca541315321442b2252ff91c668a6d3cc04ea2a09b2a50004c7d813d9cd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z&response-content-type=application%2Foctet-stream
IP
185.199.111.133
ASN
#54113 FASTLY

File type
7-zip archive data, version 0.4
Size
19 MB (19164258 bytes)
Hash
32b9ab1164a1239d0e0f7136beb67b76
84a7f66c069152387980f36c86111b8764dfc3db
29f013e930f11a9b88bc94922612f69c74de838f9b1ae15fc9c1e940f09f1b03

Archive (54)

Filename

Md5

File type

audiotype.cmd

1a7937ddaa54adc022dc898d33b69f58

DOS batch file, ASCII text, with CRLF line terminators

defeatpnplock.cmd

9f5202bc39fec028aebc9f739edb327f

DOS batch file, ASCII text, with CRLF line terminators

forceupdater.cmd

9548d031f0c6f70162a906f9229a23c2

DOS batch file, ASCII text, with CRLF line terminators

HKR.cmd

4fbb12a715175b0fbfe2d03d95dc2743

ASCII text, with CRLF line terminators

regedit.cmd

e10269d1f108aecb9e2b5e25e1d16df8

DOS batch file, ASCII text, with CRLF line terminators

autostart.cmd

55a7c3687d1e944a4d144bb17d084e45

ASCII text, with CRLF line terminators

deluadcomponent.cmd

ead011c1bfb366fba6467b001540a95b

ASCII text, with CRLF line terminators

finduadservices.vbs

b893be2fc026c115206cca9f7f4e0cd9

ASCII text, with CRLF line terminators

getshell.vbs

4d394f7b60bcbd9a2913e15d5b9bdc63

ASCII text, with CRLF line terminators

uadserviceremove.cmd

a7b617797aae7bfcf0e8ab8371eddfb2

ASCII text, with CRLF line terminators

uadserviceusermode.vbs

8ab9cd78563d870fc7d71fcf9e67a1ce

ASCII text, with CRLF line terminators

README.md

d9056cdab02a58b387469cbc1c50044c

ASCII text, with very long lines (505), with CRLF line terminators

setup.cmd

40e44fb35e6f05b9571c2a30947c22d2

DOS batch file, ASCII text, with CRLF line terminators

disablewindowsupdatedriversdownload.cmd

5ed55077a1352f6ca3048e355178970a

DOS batch file, ASCII text, with CRLF line terminators

enablewindowsupdatedriversdownload.cmd

7fea6ea3983825c20b8843c67bf18ea7

DOS batch file, ASCII text, with CRLF line terminators

removesetupautostart.cmd

df6e5f23d8e54c9628395a9950a05981

DOS batch file, ASCII text, with CRLF line terminators

restorewindowsnormalstartup.cmd

486437bdf37ce690be3c49264dd66b8a

DOS batch file, ASCII text, with CRLF line terminators

HDXRT.inf

125f5c9d599f838704953fe9503a8fe6

Windows setup INFormation

HDXRTSST.inf

298040402bae4928e5454a19ac888bda

Windows setup INFormation

HDXRTU.CAT

261e9712b1690a149b9dc3eef4235b28

DER Encoded PKCS#7 Signed Data

RTAIODAT.DAT

2b3052d5073a0fc986593a70f1d38a73

DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 576460821022900224.000000, slope 170141710803118926675118326344417542144.000000

HDXRT.inf

1f3d94cb0c78d9111ef036e36f7121ab

Windows setup INFormation

HDXRTSST.inf

b814450eb949d73669138da905b73f69

Windows setup INFormation

HDXRTU.CAT

bf6039313f45a4a758c335429f044de8

DER Encoded PKCS#7 Signed Data

RTAIODAT.DAT

5a1170433af209dabdfc72d13f5ffcdd

hdxrtext.cat

69580f3619b7bec20a9715b8d93ec5d5

DER Encoded PKCS#7 Signed Data

HDX_GenericExt_RTK.inf

cf5f6840f096ae460847d0df79d78fbf

Windows setup INFormation

realtekapo.cat

0a95153b349a53e53db412f46f8c45a1

DER Encoded PKCS#7 Signed Data

RealtekAPO.inf

d0fb88accb1366b3e4028de31c20ab27

Windows setup INFormation

realtekapo.cat

11a71b7716d9cf7c2c63584c8886b59d

DER Encoded PKCS#7 Signed Data

RealtekAPO.inf

3567be508f45bed0cf1bf30a66d55a02

Windows setup INFormation

realtekhsa.cat

acc92df98596f13834382920c0e69c83

DER Encoded PKCS#7 Signed Data

RealtekHSA.inf

6f9879f727b017b57e0b4ed45f668145

Windows setup INFormation

realtekservice.cat

b113a776b5734538bc23a0ce1c2dba06

DER Encoded PKCS#7 Signed Data

RealtekService.inf

4d4ac956901044bdd874bd7b94c5d862

Windows setup INFormation

RTAIODAT.DAT

578bec10628d91fa38216642b8f30e3b

devcon.exe

4a4b27f0b7eed3b55c896630e8ace441

PE32+ executable (console) x86-64, for MS Windows, 6 sections

nircmd.exe

5ed4728caa339c2a7479102f0c04c087

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

nircmdc.exe

a89a436cd742f2aed183ae3aac6f575f

PE32+ executable (console) x86-64, for MS Windows, 5 sections

RTKVHD64.sys

e8deaccb145ef4ba30084625a1ec3e72

PE32+ executable (native) x86-64, for MS Windows, 10 sections

RTKVHD64.sys

85601f02a809535c62df53d1102ad1a5

PE32+ executable (native) x86-64, for MS Windows, 10 sections

RltkAPOU64.dll

7720c21094bc5a347f862b7ef55018f2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 12 sections

RltkAPOU64.dll

e96a7dbabc2795c39a5cbd2e63792d65

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 12 sections

MonoSeparationEnrollDll.dll

0d5fa1ebd577a19bacf41840945cded4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

MonoSeparationGEnrollDll.dll

643641d1c30b1f5c2cf7866ae3271dcf

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

RtCOM64.dll

dd3853ce3d3934ebbe122f136b50b723

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtDataProc64.dll

402c4a75d785003d28de449d4c64f5d3

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections

RtkApi64U.dll

f25a665b2c14bea0a9d4c06129d795f3

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkAudUService64.exe

47f596173caff41a93c630730f1c2d9f

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

RtkAudUServiceConf64.dll

f4ad59d41b2f9eb64f1ea6069d3ee230

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkAudUServiceRes64.dll

4d953515a75c61b86f75514db995bae9

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkCfg64.dll

63cefa24543ba6302ad39a3446dc23f5

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

SpeakerVerfDll.dll

d312b58e4b51a6ee0791fb7ce774897c

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

RTKVHD64.sys

1ebe11e93d70f6d245344f64055bcc1b

PE32+ executable (native) x86-64, for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9652.1/Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z	140.82.121.3	302 Found	0 B
URL User Request GET HTTP/2 github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9652.1/Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z IP 140.82.121.3:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /pal1000/Realtek-UAD-generic/releases/download/6.0.9652.1/Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Wed, 24 Apr 2024 13:47:47 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/dbebd463-f177-4413-ba3f-77239080918e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T134747Z&X-Amz-Expires=300&X-Amz-Signature=d56e1ca541315321442b2252ff91c668a6d3cc04ea2a09b2a50004c7d813d9cd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z&response-content-type=application%2Foctet-stream cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: 2103:1A7AD3:74D20B5:7619830:66290D83 X-Firefox-Spdy: h2

	objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/dbebd463-f177-4413-ba3f-77239080918e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T134747Z&X-Amz-Expires=300&X-Amz-Signature=d56e1ca541315321442b2252ff91c668a6d3cc04ea2a09b2a50004c7d813d9cd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z&response-content-type=application%2Foctet-stream	185.199.111.133	200 OK	19 MB
URL User Request GET HTTP/2 objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/dbebd463-f177-4413-ba3f-77239080918e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T134747Z&X-Amz-Expires=300&X-Amz-Signature=d56e1ca541315321442b2252ff91c668a6d3cc04ea2a09b2a50004c7d813d9cd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z&response-content-type=application%2Foctet-stream IP 185.199.111.133:443 ASN #54113 FASTLY Certificate IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT File type 7-zip archive data, version 0.4 Size 19 MB (19164258 bytes) Hash 32b9ab1164a1239d0e0f7136beb67b76 84a7f66c069152387980f36c86111b8764dfc3db 29f013e930f11a9b88bc94922612f69c74de838f9b1ae15fc9c1e940f09f1b03 HTTP Headers GET /github-production-release-asset-2e65be/180331793/dbebd463-f177-4413-ba3f-77239080918e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T134747Z&X-Amz-Expires=300&X-Amz-Signature=d56e1ca541315321442b2252ff91c668a6d3cc04ea2a09b2a50004c7d813d9cd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/octet-stream content-md5: MrmrEWShI50OD3E2vrZ7dg== last-modified: Mon, 22 Apr 2024 08:30:09 GMT etag: "0x8DC62A66BC51FB0" server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 924a0489-101e-0019-5e97-9461ee000000 x-ms-version: 2020-10-02 x-ms-creation-time: Mon, 22 Apr 2024 08:30:09 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob content-disposition: attachment; filename=Unofficial-Realtek-UAD-generic-6.0.9652.1-r2.7z x-ms-server-encrypted: true via: 1.1 varnish, 1.1 varnish accept-ranges: bytes age: 1164 date: Wed, 24 Apr 2024 13:47:48 GMT x-served-by: cache-iad-kcgs7200179-IAD, cache-hel1410031-HEL x-cache: HIT, HIT x-cache-hits: 34, 0 x-timer: S1713966468.877374,VS0,VE393 content-length: 19164258 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (54)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers