Report - setup.pekora.zip/ProjectXPlayerLauncher.exe

Report Overview

Visitedpublic

2025-01-05 14:34:27

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
setup.pekora.zip	unknown	2024-12-16	2024-12-21	2025-01-04	497 B	706 kB	172.67.144.192

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-05	medium	pekora.zip	Sinkholed

ThreatFox

No alerts detected

File detected

URL

setup.pekora.zip/ProjectXPlayerLauncher.exe

IP / ASN

172.67.144.192

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size706 kB (705536 bytes)

MD5073f1916542ee2817c9760f0c0367334

SHA1ef41394d8ebcc6f157b2a5835236dfc4cdfff927

SHA2566a51fd09f20a918cb416a84716f91219d0af5d2d3b1ffe7d4075d97f4cac89cf

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 27/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET setup.pekora.zip/ProjectXPlayerLauncher.exe

172.67.144.192

200 OK

706 kB

URL

setup.pekora.zip/ProjectXPlayerLauncher.exe

IP / ASN

172.67.144.192

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2024-12-21

Last Seen2025-05-16

Times Seen12

Size706 kB (705536 bytes)

MD5073f1916542ee2817c9760f0c0367334

SHA1ef41394d8ebcc6f157b2a5835236dfc4cdfff927

SHA2566a51fd09f20a918cb416a84716f91219d0af5d2d3b1ffe7d4075d97f4cac89cf

Certificate Info

IssuerGoogle Trust Services

Subjectdeb1fe9d.sni.cloudflaressl.com

Fingerprint3F:AE:A7:D1:1F:78:61:A6:6B:3F:88:59:3D:1F:C9:59:11:75:72:9F

ValidityWed, 18 Dec 2024 17:03:41 GMT - Tue, 18 Mar 2025 18:03:32 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 27/72

HTTP Headers

GET /ProjectXPlayerLauncher.exe HTTP/1.1
Host: setup.pekora.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Jan 2025 14:34:01 GMT
content-type: application/x-msdownload
content-length: 705536
etag: "073f1916542ee2817c9760f0c0367334"
last-modified: Wed, 18 Dec 2024 23:02:20 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4203
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CkndmnELTKqpPdKR1i%2Bk%2BHFbecIAOIVVxlLrLMCI1mk8u1xGt6brg9PomTinqXIOMS%2BaGEBY6uYsdXdiccCQzXFq3BIXYgr9cJ%2FbMs1uNevvX11iZjfO5wGCLeFhHfM4oHwH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fd42fd2382fb521-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=709&min_rtt=482&rtt_var=300&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3241&recv_bytes=1137&delivery_rate=7661375&cwnd=253&unsent_bytes=0&cid=6965829da9c04d16&ts=46&x=0"
X-Firefox-Spdy: h2