Report - static.dhsf.xqhuyu.com/box/Package/game.zip

Report Overview

Submitted URL
static.dhsf.xqhuyu.com/box/Package/game.zip
IP
47.246.44.238
ASN
#24429 Zhejiang Taobao Network Co.,Ltd
Submitted
2024-04-16 18:21:26
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.dhsf.xqhuyu.com	unknown	2018-03-02	2022-06-03	2024-04-15	497 B	8.3 MB	47.246.44.239
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-16	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
static.dhsf.xqhuyu.com/box/Package/game.zip
IP
47.246.44.239
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.3 MB (8302926 bytes)
Hash
342eaba8db5baa9e399c3b43341e6d54
9dae8b04eb94f866a8220f48b055319efc637449
ef42fba27773ff61af7618fe527170bb7885dfa4a38f45628c7b3662b095f03f

Archive (21)

Filename

Md5

File type

OpenAL32.dll

a14232149002f06e5ceeade23a9aae99

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

cq.exe

650607f8d1dd649fcc60d0407cee9732

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

glew32.dll

2baa7b8f8641b7f2d5ba6a96f5e17ec7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

iconv.dll

be6f159ded6aaa2b759bf15b6ea49584

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libcocos2d.dll

bbda3df60831f8571b591b27a5e86ca6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libcrypto-1_1.dll

57e3f976ef5b9014d50769e44b65d1ec

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

libcurl.dll

eae8e05f56fdc8db17fdc66f72870b1f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libmpg123.dll

c0d7c00c9e7177e92ea419d0b7e46a58

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libogg.dll

44ce4eaa36252e28d60956806d1398c5

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libssl-1_1.dll

02fb573512213260c77a79bcfe7609e2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

libtiff.dll

fdaf4a360d40725fe31f3ae14f6df6fe

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libvorbis.dll

e9753435441e4470d63d534f9150012f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

libvorbisfile.dll

3bc7bd15f2068ac03dc3f2ecbd65b65e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lua51.dll

f89f7cb8d992b8169d25469ae8813bfa

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcp120.dll

fd5cabbe52272bd76007b68186ebaf00

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr100.dll

485628973bf9219dda161bfcad1378f3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr110.dll

4ba25d2cbe1587a841dcfb8c8c4a6ea6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr120.dll

034ccadc1c073e4216e9466b720f9849

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

sqlite3.dll

3c8458fcd76f99e6929c5acc8eace6f0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

websockets.dll

68e13c02c9e08d1b9165465489c6099e

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

zlib1.dll

da8bde1e71113f6f03b4e850b0b8be7b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/64

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

static.dhsf.xqhuyu.com/box/Package/game.zip

47.246.44.239

200 OK

8.3 MB

URL User Request GET HTTP/2
static.dhsf.xqhuyu.com/box/Package/game.zip
IP
47.246.44.239:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Certificate
IssuerDigiCert, Inc.
Subject*.dhsf.xqhuyu.com
FingerprintC2:51:01:CF:65:61:85:79:45:5F:CE:4E:77:84:95:6F:F9:98:AA:F3
ValidityTue, 10 Oct 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.3 MB (8302926 bytes)
Hash
342eaba8db5baa9e399c3b43341e6d54
9dae8b04eb94f866a8220f48b055319efc637449
ef42fba27773ff61af7618fe527170bb7885dfa4a38f45628c7b3662b095f03f

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

HTTP Headers

GET /box/Package/game.zip HTTP/1.1
Host: static.dhsf.xqhuyu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/zip
content-length: 8302926
date: Mon, 15 Apr 2024 07:47:02 GMT
x-oss-request-id: 661CDB762851783036EF29A3
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "342EABA8DB5BAA9E399C3B43341E6D54"
last-modified: Thu, 21 Jul 2022 07:44:05 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8647799232914083780
x-oss-storage-class: Standard
content-md5: NC6rqNtbqp45nDtDNB5tVA==
x-oss-server-time: 14
ali-swift-global-savetime: 1713167222
via: cache16.l2de2[502,502,200-0,M], cache14.l2de2[504,0], ens-cache3.se2[0,1,200-0,H], ens-cache17.se2[3,0]
age: 124434
x-cache: HIT TCP_HIT dirn:10:142826604
x-swift-savetime: Mon, 15 Apr 2024 07:47:02 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62ca517132916564668447e
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
52a1e40d3746c76b0167007994950370
6c5838f16f22c0778bc428242b26ca65bf64683c
5ca94e7f36b9452fe67eeaf4a9898c2003278f9f9151c572b2cc6178afff781a

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 18:21:15 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=L9rtyUensH6JKMIXUMl3J9Xwldy3aDH2pxaFUOBnlo4gau-860nhjEPoUt5Eyygh5C5tXYzD06L2FZPjn59hRp3wG17IXvjty3Yisf6YryOYSbn1GAAtG9DJuufj9aHp
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2