Report - shopsite.erp321.com/setup/plugin/assistant/drivers/DriverManager.exe

Report Overview

Visitedpublic

2025-04-23 05:23:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
shopsite.erp321.com	unknown	2014-05-08	2022-07-11	2025-04-21	536 B	607 kB	217.198.191.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-23	medium	shopsite.erp321.com/setup/plugin/assistant/drivers/DriverManager.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

shopsite.erp321.com/setup/plugin/assistant/drivers/DriverManager.exe

IP / ASN

217.198.191.72

#21859 ZEN-ECN

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size606 kB (606208 bytes)

MD5bc9b9f9a6ce488dc0650982ab0c9174f

SHA131961cb6513833250acef357a008b3681cb7b6f0

SHA2568b56a0f148cee4c6c74e4cf07a5a848402a2cd2f7f7aace46d050f292480026f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET shopsite.erp321.com/setup/plugin/assistant/drivers/DriverManager.exe

217.198.191.72

200 OK

606 kB

URL

shopsite.erp321.com/setup/plugin/assistant/drivers/DriverManager.exe

IP / ASN

217.198.191.72

#21859 ZEN-ECN

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2023-11-24

Last Seen2025-04-30

Times Seen34

Size606 kB (606208 bytes)

MD5bc9b9f9a6ce488dc0650982ab0c9174f

SHA131961cb6513833250acef357a008b3681cb7b6f0

SHA2568b56a0f148cee4c6c74e4cf07a5a848402a2cd2f7f7aace46d050f292480026f

Certificate Info

IssuerDigiCert, Inc.

Subject*.erp321.com

FingerprintDA:67:FE:AF:D3:E1:E1:78:DD:93:85:FF:EF:5D:0B:26:75:BE:5A:D3

ValidityMon, 08 Jul 2024 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /setup/plugin/assistant/drivers/DriverManager.exe HTTP/1.1
Host: shopsite.erp321.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/octet-stream
Content-Length: 606208
Connection: keep-alive
Date: Wed, 23 Apr 2025 05:22:45 GMT
x-oss-request-id: 68087925EAC5D23432DB0440
Accept-Ranges: bytes
ETag: "BC9B9F9A6CE488DC0650982AB0C9174F"
Last-Modified: Mon, 23 Oct 2023 01:20:18 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8259041134946509848
x-oss-storage-class: Standard
x-oss-meta-upload: AliYunOssRepository
Cache-Control: No-Cache
Content-MD5: vJufmmzkiNwGUJgqsMkXTw==
x-oss-server-time: 11
cache-via: cache.n104-166-141-012.bdcdn-defra02
X-Dsa-Origin-Status: 200
X-Bdsa-Cache-Status: MISS
Cache-Via-Status: cache.n104-166-141-012.bdcdn-defra02(MISS)
X-Bdsa-Cache-Tm: 0-0
via: n104-166-141-002.bdcdn-defra02.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17453857655b9f2b76b29c4360225662862153cc38
server-timing: cdn-cache;desc=MISS, origin;dur=975, edge;dur=0
Access-Control-Allow-Origin: *