Report - da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All

Report Overview

Submitted URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-20 13:10:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
da-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-18	521 B	6.8 MB	89.41.180.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 13:10:06	medium	89.41.180.194	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
6.8 MB (6767152 bytes)
Hash
44d4e70f00435aed9cbce0b165c4327a
c9cafc04a903bb5c0690ab03511c081ed937792e
0982d750f40da5846216b6e2034cdfe7af9777c0ea5aeb0bfe2d35b17de43413

Archive (22)

Filename

Md5

File type

DevManagerCore.dll

da2e38cf8ff24983115f3adf4ffd166b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVAFT.cfg

835c775a6871d2a2ea6fc343b6b4c9a2

data

LVUI2.dll

ba3658cec8f480bc0f73586bd1fa733f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

e00c75cd57c2d4d2c577cef6518c78b2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LogiDPP.dll

7dd35a545c6dd6521e7840fd2eaf9662

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LogiDPPApp.exe

482dee3a48422a1d545a0907ec32cdf1

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Repository.reg

d61937b3b6f0eb457f1c052ce49962ab

Windows Registry little-endian text (Win2K or above)

WUApp32.exe

d94963d90ccb77a9c00eca60d7a8d02e

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

lvPRO5c.inf

cc410e32ec8ecbc6b3cc790f8683dec3

Windows setup INFormation

lvPRO5s.inf

533d012998d3326c8542d4c24577b1e5

Windows setup INFormation

lvPRO5v.inf

e58be1978d5949a0de05dd7d2ebe22cf

Windows setup INFormation

lvWIAext.dll

8c0d9893228437372336ab3e70b382b8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvbusflt.sys

4ad85e8c1b15e594afccb4f4f46cf1e2

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

lvcodec2.dll

b8213f40ce0e635c9ff9910bd75ad026

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.dll

7925abbe44437ce4ec22cef9979167c1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.ini

bcd7159b6f32f03f394dfbc9f925398f

ASCII text, with CRLF line terminators

lvpro5c.cat

3204725aa1723aff85337725de735ca0

DER Encoded PKCS#7 Signed Data

lvpro5s.cat

61e6b9c08f478d42617f2aa061d80550

DER Encoded PKCS#7 Signed Data

lvpro5v.cat

520ed3f49f42564dd84177a05233cca0

DER Encoded PKCS#7 Signed Data

lvrs.sys

ba1347822d01b2d29c14cf09663a6457

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvuvc.sys

e2c99d3b692ba2173114c9df79313b70

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

resolution_13_0_0.xml

6af7938dfef94eae9db2bc1b1bcdabd5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip	89.41.180.194	200 OK	6.8 MB
URL User Request GET HTTP/1.1 da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip IP 89.41.180.194:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectda-4.xyz Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02 ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 6.8 MB (6767152 bytes) Hash 44d4e70f00435aed9cbce0b165c4327a c9cafc04a903bb5c0690ab03511c081ed937792e 0982d750f40da5846216b6e2034cdfe7af9777c0ea5aeb0bfe2d35b17de43413 HTTP Headers GET /drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip HTTP/1.1 Host: da-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Sat, 20 Apr 2024 13:10:06 GMT Content-Type: application/zip Content-Length: 6767152 Last-Modified: Wed, 26 Oct 2022 18:32:10 GMT Connection: keep-alive ETag: "63597d2a-674230" Accept-Ranges: bytes`

da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip

89.41.180.194

200 OK

6.8 MB

URL User Request GET HTTP/1.1
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip
IP
89.41.180.194:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectda-4.xyz
Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02
ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
6.8 MB (6767152 bytes)
Hash
44d4e70f00435aed9cbce0b165c4327a
c9cafc04a903bb5c0690ab03511c081ed937792e
0982d750f40da5846216b6e2034cdfe7af9777c0ea5aeb0bfe2d35b17de43413

HTTP Headers

GET /drv/common/Logitech_HD_Pro_Webcam_C910_All_13.51.823.0.zip HTTP/1.1
Host: da-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Sat, 20 Apr 2024 13:10:06 GMT
Content-Type: application/zip
Content-Length: 6767152
Last-Modified: Wed, 26 Oct 2022 18:32:10 GMT
Connection: keep-alive
ETag: "63597d2a-674230"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers