Report - da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All

Report Overview

Submitted URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-20 13:10:36
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
da-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-18	521 B	7.5 MB	89.41.180.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 13:10:07	medium	89.41.180.194	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.5 MB (7465209 bytes)
Hash
1b3fe6ee29f02c129514401019c9614c
9225350bc4c91c6b4c15d9709f10bf9f87a75073
f8d8690e00cbe3108ec3198a3242160fa47f0e3402beef9ea644f32a90be0b69

Archive (25)

Filename

Md5

File type

DevManagerCore.dll

34e0b690eeee5241036cb869d073958b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVAFT.cfg

835c775a6871d2a2ea6fc343b6b4c9a2

data

LVUI2.dll

baea03bc8d6752b1568573a6c8b125a6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

a6c6583ebb4fda658e204b3edb04f79a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LogiDPP.dll

38d0e324831bf91128e614268034f659

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LogiDPPApp.exe

799a360bf1900ace8e903d0609eae99e

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Repository.reg

e19be28990f4e6d2f63774c0eca66583

Windows Registry little-endian text (Win2K or above)

Resolution.xml

2cadc36d6bad6a405e78430166d57a84

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

WUApp32.exe

7fb03d7dbfb0f2ab39dcae3a94814cbf

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

lvPRO5c.inf

0380eea0268ea2f5a0b11cb4aeb24f76

Windows setup INFormation

lvPRO5s.inf

7795bdd2a9b4b50f09573249aaef1fda

Windows setup INFormation

lvPRO5v.inf

9d4b60201e5c54d045350b8bcc976704

Windows setup INFormation

lvWIAext.dll

a5401c52b86d029a077f452fcbbee64d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvbusflt.sys

710e0b82196c5e1f3407ea0b97c715ef

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

lvcodec2.dll

4522295564a69018c6e69b1d005ada5d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.dll

42b4e51f642d8ba677586e79c745f244

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.ini

85ab59411ce928b9e08fad937c165e22

ASCII text, with CRLF line terminators

lvpopflt.sys

cbf0bf6af73a704211bbb52efacaa8a0

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvpro5c.cat

09fc0e24851d6fa15f90f592e536aada

DER Encoded PKCS#7 Signed Data

lvpro5s.cat

d891e11102bfb05fa1db1bc17e35a186

DER Encoded PKCS#7 Signed Data

lvpro5v.cat

314c30950f1c626a5c90853ef2139a58

DER Encoded PKCS#7 Signed Data

lvrs.sys

6917b407dbec11b3a078abfc2ec2ac7c

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvselsus.sys

227e30912d5db820bde18418f5b9be01

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvuvc.sys

44876e70e07e9a653bbe423dbfa35a1a

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

lvuvcflt.sys

d59274041bbdbfbecd05b92c0c28b51f

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip	89.41.180.194	200 OK	7.5 MB
URL User Request GET HTTP/1.1 da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip IP 89.41.180.194:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectda-4.xyz Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02 ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 7.5 MB (7465209 bytes) Hash 1b3fe6ee29f02c129514401019c9614c 9225350bc4c91c6b4c15d9709f10bf9f87a75073 f8d8690e00cbe3108ec3198a3242160fa47f0e3402beef9ea644f32a90be0b69 HTTP Headers GET /drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip HTTP/1.1 Host: da-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Sat, 20 Apr 2024 13:10:07 GMT Content-Type: application/zip Content-Length: 7465209 Last-Modified: Wed, 26 Oct 2022 18:54:48 GMT Connection: keep-alive ETag: "63598278-71e8f9" Accept-Ranges: bytes`

da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip

89.41.180.194

200 OK

7.5 MB

URL User Request GET HTTP/1.1
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip
IP
89.41.180.194:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectda-4.xyz
Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02
ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.5 MB (7465209 bytes)
Hash
1b3fe6ee29f02c129514401019c9614c
9225350bc4c91c6b4c15d9709f10bf9f87a75073
f8d8690e00cbe3108ec3198a3242160fa47f0e3402beef9ea644f32a90be0b69

HTTP Headers

GET /drv/common/Logitech_HD_Pro_Webcam_C910_All_13.1.1021.0.zip HTTP/1.1
Host: da-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Sat, 20 Apr 2024 13:10:07 GMT
Content-Type: application/zip
Content-Length: 7465209
Last-Modified: Wed, 26 Oct 2022 18:54:48 GMT
Connection: keep-alive
ETag: "63598278-71e8f9"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers