Report - dw48.malavida.com/dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe

Report Overview

Visitedpublic

2023-10-20 22:38:05

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
dw48.malavida.com	unknown	2001-05-31	2021-09-16 14:05:50	2023-10-19 22:31:40	559 B	1.0 MB	5.145.168.46

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-10-20	medium	dw48.malavida.com/dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dw48.malavida.com/dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe

IP / ASN

5.145.168.46

#39020 Comvive Servidores S.L.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows\012- data

Size1.0 MB (1020896 bytes)

MD546bcefb2f70d685447726682b0287f29

SHA1966ae35d79c25dee8113e2ae2a9ea7be91f10871

SHA2566153474cc24b61459869b02a96fcbff619544ebb085584514d5acb76b4fc78bb

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/70

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET dw48.malavida.com/dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe

5.145.168.46

200 OK

1.0 MB

URL

dw48.malavida.com/dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe

IP / ASN

5.145.168.46

#39020 Comvive Servidores S.L.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows\012- data

First Seen2023-08-17

Last Seen2023-10-21

Times Seen13

Size1.0 MB (1020896 bytes)

MD546bcefb2f70d685447726682b0287f29

SHA1966ae35d79c25dee8113e2ae2a9ea7be91f10871

SHA2566153474cc24b61459869b02a96fcbff619544ebb085584514d5acb76b4fc78bb

Certificate Info

IssuerSectigo Limited

Subject*.malavida.com

FingerprintDD:AD:14:1C:69:D1:86:8F:20:49:51:28:42:E5:20:08:49:C8:28:B2

ValidityMon, 12 Jun 2023 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/70

HTTP Headers

GET /dwn/fa4e900e46c94f8e1c37d4e3035a094ce96acad76883c3a403e066a1acb9429e/SpotifySetup.exe HTTP/1.1
Host: dw48.malavida.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 20 Oct 2023 22:37:48 GMT
server: Apache
accept-ranges: bytes
cache-control: public
x-robots-tag: noindex
last-modified: Tue, 29 Aug 2023 16:52:02 GMT
content-length: 1020896
content-type: application/x-dosexec
X-Firefox-Spdy: h2