Report - dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip

Report Overview

Visited public
2025-05-03 05:15:27
Tags
URL
dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip
Finishing URL
about:privatebrowsing
IP / ASN
61.170.80.223
#4812 China Telecom Group
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl002.liqucn.com	unknown	2010-05-09	2022-06-03	2025-04-10	575 B	2.4 MB	61.170.77.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip
IP
61.170.77.51
ASN
#4812 China Telecom Group

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.4 MB (2362928 bytes)
Hash
e857302b4dfbbcadb93675ca1a00cd2f
918d3505a42eb8cf406891700116c4f2725cceea
ff8c761faf01490e9efef725b1aa9c26d1e978915a18cf4d4dc60f08e6fccb77

Archive (33)

Filename

Md5

File type

Readme-说明.htm

21172991bbc600d35ee1e8267a67f7af

HTML document, ISO-8859 text, with CRLF line terminators

System Ninja.exe

8b1acf31923e0173573c1893c2016c1a

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

preinstalled.ninjascript

85da17e5ea5690276733bf78c32199c2

ASCII text, with very long lines (1180), with no line terminators

winapp2.ini

a5fdc49448222d45acda902c20149145

ASCII text, with CRLF line terminators

SystemNotes.ninjaplugin.png

f7049af22797ac8a14e906247a0322c7

PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

SystemNotes.ninjaplugin.dll

301fe07b5883541858e763a963c3f0c6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CleanSync.exe

4def4d94603a759b06cb7d527f6fec0f

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

license.rtf

5281bb91a0c3c8482bcd49818e255305

Rich Text Format data, version 1, ANSI, code page 1252, default language ID 3081

lang.Czech.locale

cbbb408e595eda3381dbb5b51111d8e1

Unicode text, UTF-8 text, with very long lines (387), with CRLF line terminators

lang.Brazilian.locale

55cbf0edf0d9ae987e01ad6085aff9de

Unicode text, UTF-8 (with BOM) text, with very long lines (339), with CRLF line terminators

lang.Dutch.locale

2cbe80c8af4ed1f770531f85f76515b6

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

lang.Russian.locale

e44624db52a27cccc48b45013fb19547

Unicode text, UTF-8 text, with very long lines (355), with CRLF line terminators

lang.French.locale

afb7444443d7272a140a2b7f558fa72c

Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators

lang.Finnish.locale

47f1e01fd107a9e4471b674f2cfcfc19

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

lang.Chinese (Simplified).locale

5c10d6933d9e5f0b063d5c310e185026

Unicode text, UTF-8 text, with CRLF line terminators

lang.Ukrainian.locale

65e7761e9e5ef9d63dccaf69afb80678

Unicode text, UTF-8 (with BOM) text, with very long lines (356), with CRLF line terminators

lang.Hungarian.locale

5b39d6dcd454e60358849cfea12307b6

Unicode text, UTF-8 text, with very long lines (371), with CRLF line terminators

lang.Turkish.locale

c3dcc211a6a019151b6e5a24df050c81

Unicode text, UTF-8 text, with very long lines (439), with CRLF line terminators

lang.German.locale

bd2b0ac39138f226380b5372489690f7

ISO-8859 text, with CRLF line terminators

systemninja.manifest

86d4bbd535532e0e231e3732b75599cc

ASCII text, with CRLF line terminators

lang.Italian.locale

94fd92d8fc62378798b544b1d82464ad

Unicode text, UTF-8 (with BOM) text, with very long lines (335), with CRLF line terminators

lang.Swedish.locale

393a6c226c2c099a32e1a03f2b518d9c

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

lang.Polski.locale

3667e3e3f655669e658c66208980b240

Unicode text, UTF-8 (with BOM) text, with very long lines (397), with CRLF line terminators

output_strings.false

d41d8cd98f00b204e9800998ecf8427e

lang.Vietnamese.locale

f5a8eb69ad302a3b5236cb14e46ca19d

data

lang.Norwegian.locale

a79b692f79c661cd2f688b57953cf82e

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

lang.Spanish.locale

c5a4ea6b86083ff52fe701f46706a16d

Unicode text, UTF-8 text, with very long lines (320), with CRLF line terminators

DevComponents.DotNetBar2.dll

d068ce38f5f9caed1e63ffb1169ede92

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

ProcessManager.dll

e4df8ebbfd80c137a3d6736db0c55b97

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SystemAnalysis.dll

1423ac6bbb187fb7af4ad3eec88a8aae

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SoftwareUninstaller.dll

0e429ef9aa421dfd82bf832a809509f7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Ninja.Hardware.dll

86de8a335f38899928d6489dd3932289

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

StartupManager.dll

f6f5c5686ca10ab29fd1ace94a8098fa

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip	61.170.77.51	200 OK	2.4 MB
URL User Request GET dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip IP 61.170.77.51:443 ASN #4812 China Telecom Group Certificate IssuerGoogle Trust Services Subjectliqucn.com FingerprintC4:D6:52:BF:70:33:3B:77:C3:C0:64:C2:72:77:A9:DE:18:ED:94:A2 ValidityMon, 14 Apr 2025 01:35:34 GMT - Sun, 13 Jul 2025 01:35:33 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.4 MB (2362928 bytes) Hash e857302b4dfbbcadb93675ca1a00cd2f 918d3505a42eb8cf406891700116c4f2725cceea ff8c761faf01490e9efef725b1aa9c26d1e978915a18cf4d4dc60f08e6fccb77 HTTP Headers GET /600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip HTTP/1.1 Host: dl002.liqucn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Server: Tengine Content-Type: application/zip Content-Length: 2362928 Connection: keep-alive Date: Sat, 03 May 2025 05:01:35 GMT x-oss-request-id: 6815A32FF275553530BBA46C x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "E857302B4DFBBCADB93675CA1A00CD2F" Last-Modified: Sun, 29 Dec 2024 23:38:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 16240823020860597367 x-oss-storage-class: Standard x-oss-server-time: 34 Via: cache14.l2cn8000[0,0,206-0,H], cache19.l2cn8000[2,0], ens-cache6.cn6020[30,30,200-0,M], ens-cache5.cn6020[39,0] Age: 799 Ali-Swift-Global-Savetime: 1746248495 X-Cache: MISS TCP_MISS dirn:-2:-2 mlen:2362928 X-Swift-SaveTime: Sat, 03 May 2025 05:14:54 GMT X-Swift-CacheTime: 31103201 Timing-Allow-Origin: * EagleId: 3daa4d1917462492949485033e

dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip

61.170.77.51

200 OK

2.4 MB

URL User Request GET
dl002.liqucn.com/600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip
IP
61.170.77.51:443
ASN
#4812 China Telecom Group

Certificate
IssuerGoogle Trust Services
Subjectliqucn.com
FingerprintC4:D6:52:BF:70:33:3B:77:C3:C0:64:C2:72:77:A9:DE:18:ED:94:A2
ValidityMon, 14 Apr 2025 01:35:34 GMT - Sun, 13 Jul 2025 01:35:33 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.4 MB (2362928 bytes)
Hash
e857302b4dfbbcadb93675ca1a00cd2f
918d3505a42eb8cf406891700116c4f2725cceea
ff8c761faf01490e9efef725b1aa9c26d1e978915a18cf4d4dc60f08e6fccb77

HTTP Headers

GET /600239e6cfa89c0cb02f8ab09a377d56/6815a32d/upload/2024/1506/s/system-ninja-portable-3.1.zip HTTP/1.1
Host: dl002.liqucn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/zip
Content-Length: 2362928
Connection: keep-alive
Date: Sat, 03 May 2025 05:01:35 GMT
x-oss-request-id: 6815A32FF275553530BBA46C
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "E857302B4DFBBCADB93675CA1A00CD2F"
Last-Modified: Sun, 29 Dec 2024 23:38:19 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16240823020860597367
x-oss-storage-class: Standard
x-oss-server-time: 34
Via: cache14.l2cn8000[0,0,206-0,H], cache19.l2cn8000[2,0], ens-cache6.cn6020[30,30,200-0,M], ens-cache5.cn6020[39,0]
Age: 799
Ali-Swift-Global-Savetime: 1746248495
X-Cache: MISS TCP_MISS dirn:-2:-2 mlen:2362928
X-Swift-SaveTime: Sat, 03 May 2025 05:14:54 GMT
X-Swift-CacheTime: 31103201
Timing-Allow-Origin: *
EagleId: 3daa4d1917462492949485033e

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (33)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers