Report - www.rankingtactics.com/wp-content/uploads/zimmwriter_alternative

Report Overview

Submitted URL
www.rankingtactics.com/wp-content/uploads/zimmwriter_alternative_version.zip
IP
137.220.63.62
ASN
#20473 AS-CHOOPA
Submitted
2024-04-17 12:50:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.rankingtactics.com	unknown	2021-05-27	2021-06-21	2023-11-21	530 B	18 MB	137.220.63.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.rankingtactics.com/wp-content/uploads/zimmwriter_alternative_version.zip
IP
137.220.63.62
ASN
#20473 AS-CHOOPA

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
18 MB (17835333 bytes)
Hash
b815cc6a139fc560b904613d2849606c
2a38dd65d754d5317c16cb3a13e7481a107b37c1
66b045b5a6edb1f5fedfeb675400a11645856999279a6af3868c9b75cdffa913

Archive (19)

Filename

Md5

File type

curl-ca-bundle.crt

1363ae92d22e83c42a7f82ab6c5b0711

Unicode text, UTF-8 text

curl.exe

a006f28eadca91b9a8a20a62134a2baa

PE32 executable (console) Intel 80386, for MS Windows, 7 sections

libcurl.def

4e1de1b02e4bb7cec04e6ea5edd501af

ASCII text

libcurl.dll

7b51cda6406c2e3f3207c4fc0789f7e7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

curl-ca-bundle.crt

1363ae92d22e83c42a7f82ab6c5b0711

Unicode text, UTF-8 text

curl.exe

a76354e3c1b539695b2544964f1ebbfa

PE32+ executable (console) x86-64, for MS Windows, 7 sections

libcurl-x64.def

4e1de1b02e4bb7cec04e6ea5edd501af

ASCII text

libcurl-x64.dll

5b3317e6e68deb00140099778b80964c

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

curl-ca-bundle.crt

1363ae92d22e83c42a7f82ab6c5b0711

Unicode text, UTF-8 text

instructions.txt

de861cb0d64976f0b5a075422998f510

ASCII text, with very long lines (324), with CRLF line terminators

libcurl-x64.dll

5b3317e6e68deb00140099778b80964c

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

libcurl.dll

7b51cda6406c2e3f3207c4fc0789f7e7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

license.pdf

60eb5a55d5b63974b6c84d0232f0b8e6

PDF document, version 1.7, 8 pages

license_additional.txt

04e055b65c0b117a6658b3e05ae954f7

ASCII text, with very long lines (754), with CRLF line terminators

sqlite3.dll

d0110f6c934822d54311ec7d4dd0f883

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

sqlite3_x64.dll

839c51d9c8acea126077fc251a7d23a8

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

zimmwriter.exe

f891e622e244fee29c5297cc924aca08

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

_WebP_x64.dll

2d33ce4154a8c09dc00d49e39e22bdeb

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

_WebP_x86.dll

878f99be8fe9cd16969e219afdb7c049

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
VirusTotal	suspicious	VirusTotal - Scan result 9/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.rankingtactics.com/wp-content/uploads/zimmwriter_alternative_version.zip

137.220.63.62

200 OK

18 MB

URL User Request GET HTTP/2
www.rankingtactics.com/wp-content/uploads/zimmwriter_alternative_version.zip
IP
137.220.63.62:443
ASN
#20473 AS-CHOOPA

Certificate
IssuerLet's Encrypt
Subjectwww.rankingtactics.com
Fingerprint1C:5A:A8:C7:4B:46:6C:CF:F0:87:EC:33:8E:12:40:8B:5E:93:03:3C
ValidityThu, 11 Apr 2024 23:01:54 GMT - Wed, 10 Jul 2024 23:01:53 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
18 MB (17835333 bytes)
Hash
b815cc6a139fc560b904613d2849606c
2a38dd65d754d5317c16cb3a13e7481a107b37c1
66b045b5a6edb1f5fedfeb675400a11645856999279a6af3868c9b75cdffa913

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 9/63

HTTP Headers

GET /wp-content/uploads/zimmwriter_alternative_version.zip HTTP/1.1
Host: www.rankingtactics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 12:50:09 GMT
content-type: application/zip
content-length: 17835333
last-modified: Wed, 17 Apr 2024 03:14:05 GMT
etag: "661f3e7d-1102545"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers