Report - disk-tool.com/download/mde/mde-free-portable.zip

Report Overview

Submitted URL
disk-tool.com/download/mde/mde-free-portable.zip
IP
97.74.237.214
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-04-18 02:38:10
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
disk-tool.com	unknown	2013-06-19	2014-03-09	2024-04-11	502 B	16 MB	97.74.237.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
disk-tool.com/download/mde/mde-free-portable.zip
IP
97.74.237.214
ASN
#398101 GO-DADDY-COM-LLC

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
16 MB (16533540 bytes)
Hash
ed51c9b300d70839c7cd595620e8d5be
208c395118d23702ac1ea10b6bc0600d50b62bd8
31fad29cd47acb82b74d8aa137ee423ada14c7f17715aa483e7a94edbed44073

Archive (64)

Filename

Md5

File type

core.dll

e5dc349bdbca74f02b896d133d595e3a

Zip archive data, at least v1.0 to extract, compression method=store

core2.dll

9624d6114f7269c3bceb63fdc830fc4c

Zip archive data, at least v2.0 to extract, compression method=deflate

dm.api

1f69760bcbd1d3bb2c8769bf522096fc

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

dm.exe

040f1de70be0de933a89cf76f8509957

PE32+ executable (GUI) x86-64, for MS Windows, 9 sections

ARJ.lng

abd7185153591031ec9fe73d4bcbab9f

data

BGR.lng

206af5b888bdc4fd97da6afe8894fd6e

data

CHS.lng

31b424ce65de120ed7cb7be9fe24b870

data

CHT.lng

518c3891c1fae5609b90df4dad0a039c

data

CSY.lng

cce8d89297001f31f982adc82b497cc1

data

DEU.lng

1949b9daf5682d897e9fc1b397389aa3

data

ELL.lng

d4e10cbf65d68ad50ec06c7b974560d3

data

ENG.lng

1451371a4a3a952f0572d30a69ecf2a0

data

ESP.lng

0173569bbd6b4d8d5992d9e336430bf5

data

FIN.lng

3751f91c7b7bad30ae6cfe3a81a5282a

data

FRA.lng

18c07d14a46b2a01ed260cf4ecb0bd74

data

HEB.lng

b301d26340968a161305b5f0a33ee996

data

HRV.lng

7399fd85b6f20e36348531f7e557b284

data

HUN.lng

656348d7ce156b3819067538e91b416f

data

ITA.lng

2c8ef900941c03ec62c1a4f0ad49fbd4

data

JPN.lng

73017bdea9fb7704f96a3529d6b7ae4d

data

KOR.lng

647a65313622c0bce578027aac2def26

data

NLD.lng

7f0344c83914e05c72be35df2462bfa7

data

NOR.lng

cfcbecfb3e13aa6a98ce0ad6d6671901

data

PLK.lng

22333ce331e15fd0faba936d94ce8533

data

PTG.lng

b716d2af583ef86d8f6ff282456efc2c

data

ROM.lng

995e5c5ccdc28abe1a41e7f067aa5cd5

data

RUS.lng

9bdf29048a472f3b96df5aad4b4ced38

data

SLV.lng

aa025d9b822c565e00545290e0636dec

data

SVE.lng

8fb44a8d9587ad1cf31b0bfedd819ba7

data

TRK.lng

1f5fdb3d477432af4732dcb32076719d

data

UKR.lng

b3209179bf6c45bbae2ce45e00ebce8c

data

readme.url

1f4e63ff86d638c7bbbffada786f7116

ASCII text, with CRLF line terminators

core.dll

e5dc349bdbca74f02b896d133d595e3a

Zip archive data, at least v1.0 to extract, compression method=store

core2.dll

9624d6114f7269c3bceb63fdc830fc4c

Zip archive data, at least v2.0 to extract, compression method=deflate

dm.api

aaa77537079d45e03a30290a69de6438

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

dm.exe

76a4e1c4688e540b290b0267b7723c14

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

ARJ.lng

abd7185153591031ec9fe73d4bcbab9f

data

BGR.lng

206af5b888bdc4fd97da6afe8894fd6e

data

CHS.lng

31b424ce65de120ed7cb7be9fe24b870

data

CHT.lng

518c3891c1fae5609b90df4dad0a039c

data

CSY.lng

cce8d89297001f31f982adc82b497cc1

data

DEU.lng

1949b9daf5682d897e9fc1b397389aa3

data

ELL.lng

d4e10cbf65d68ad50ec06c7b974560d3

data

ENG.lng

1451371a4a3a952f0572d30a69ecf2a0

data

ESP.lng

0173569bbd6b4d8d5992d9e336430bf5

data

FIN.lng

3751f91c7b7bad30ae6cfe3a81a5282a

data

FRA.lng

18c07d14a46b2a01ed260cf4ecb0bd74

data

HEB.lng

b301d26340968a161305b5f0a33ee996

data

HRV.lng

7399fd85b6f20e36348531f7e557b284

data

HUN.lng

656348d7ce156b3819067538e91b416f

data

ITA.lng

2c8ef900941c03ec62c1a4f0ad49fbd4

data

JPN.lng

73017bdea9fb7704f96a3529d6b7ae4d

data

KOR.lng

647a65313622c0bce578027aac2def26

data

NLD.lng

7f0344c83914e05c72be35df2462bfa7

data

NOR.lng

cfcbecfb3e13aa6a98ce0ad6d6671901

data

PLK.lng

22333ce331e15fd0faba936d94ce8533

data

PTG.lng

b716d2af583ef86d8f6ff282456efc2c

data

ROM.lng

995e5c5ccdc28abe1a41e7f067aa5cd5

data

RUS.lng

9bdf29048a472f3b96df5aad4b4ced38

data

SLV.lng

aa025d9b822c565e00545290e0636dec

data

SVE.lng

8fb44a8d9587ad1cf31b0bfedd819ba7

data

TRK.lng

1f5fdb3d477432af4732dcb32076719d

data

UKR.lng

b3209179bf6c45bbae2ce45e00ebce8c

data

readme.url

1f4e63ff86d638c7bbbffada786f7116

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
VirusTotal	suspicious	VirusTotal - Scan result 2/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

disk-tool.com/download/mde/mde-free-portable.zip

97.74.237.214

200 OK

16 MB

URL User Request GET HTTP/1.1
disk-tool.com/download/mde/mde-free-portable.zip
IP
97.74.237.214:443
ASN
#398101 GO-DADDY-COM-LLC

Certificate
IssuerGoDaddy.com, Inc.
Subjectdisk-tool.com
Fingerprint23:E7:03:C3:61:15:7A:FE:B1:D2:4F:E0:6E:42:3E:21:13:2E:31:BE
ValiditySun, 29 Oct 2023 06:09:58 GMT - Fri, 29 Nov 2024 06:09:58 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
16 MB (16533540 bytes)
Hash
ed51c9b300d70839c7cd595620e8d5be
208c395118d23702ac1ea10b6bc0600d50b62bd8
31fad29cd47acb82b74d8aa137ee423ada14c7f17715aa483e7a94edbed44073

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/61

HTTP Headers

GET /download/mde/mde-free-portable.zip HTTP/1.1
Host: disk-tool.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 02:37:37 GMT
Server: Apache
Last-Modified: Thu, 11 Apr 2024 09:54:25 GMT
Accept-Ranges: bytes
Content-Length: 16533540
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (64)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers