Report - didierstevens.com/files/software/oledump-beta.zip

Report Overview

Visited public
2025-03-09 20:31:45
Tags
Submit Tags
URL
didierstevens.com/files/software/oledump-beta.zip
Finishing URL
about:privatebrowsing
IP / ASN
96.126.103.196
#63949 Akamai Connected Cloud
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
didierstevens.com	unknown	2006-06-12	2017-02-03	2025-03-05	517 B	81 kB	96.126.103.196

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
didierstevens.com/files/software/oledump-beta.zip
IP
96.126.103.196
ASN
#63949 Akamai Connected Cloud

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
81 kB (80602 bytes)
Hash
6b2f81410c9db409e55a05aeb2e8342b
3aa6d0654694bad7b89fb19a92f7301f8533ea8a
e80244c87e11e516f5d7245224828ba15c4079efe16582fe785d6e307c04b657

Archive (6)

Filename

Md5

File type

oledump.py

394bff16a3a5a20f80e5dd269760e748

Python script, ASCII text executable

test-embedded-exe.xls

cd65cfe5b0af8b7cce86aef858977a36

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: testuser1, Last Saved By: testuser1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Aug 25 21:37:05 2014, Last Saved Time/Date: Mon Aug 25 21:37:59 2014, Security: 0

test-embedded-txt.xls

629a18b80e8644b8347e23b1fea09c41

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: testuser1, Last Saved By: testuser1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Aug 25 21:38:25 2014, Last Saved Time/Date: Mon Aug 25 21:39:32 2014, Security: 0

test-vba-protected.xls

7ecd631c983c87b84b6adf59461c16ba

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: testuser1, Last Saved By: testuser1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Aug 25 21:24:49 2014, Last Saved Time/Date: Mon Aug 25 22:07:38 2014, Security: 0

test-vba.xls

1d8cc133a92b9cf04b16000274c0c109

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: testuser1, Last Saved By: testuser1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Aug 25 21:24:49 2014, Last Saved Time/Date: Mon Aug 25 21:26:09 2014, Security: 0

test-vba.xlsm

3bfe46f163853abba2c3eafb0888bcd9

Microsoft Excel 2007+

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 6/55

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET didierstevens.com/files/software/oledump-beta.zip

96.126.103.196

200 OK

81 kB

URL User Request GET
didierstevens.com/files/software/oledump-beta.zip
IP
96.126.103.196:443
ASN
#63949 Akamai Connected Cloud

Certificate
IssuerLet's Encrypt
Subjectdidierstevens.com
FingerprintE0:B1:EE:54:B1:37:BF:4E:99:2C:8D:FA:84:ED:9F:02:25:E2:A6:C2
ValidityMon, 03 Feb 2025 20:09:03 GMT - Sun, 04 May 2025 20:09:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
81 kB (80602 bytes)
Hash
6b2f81410c9db409e55a05aeb2e8342b
3aa6d0654694bad7b89fb19a92f7301f8533ea8a
e80244c87e11e516f5d7245224828ba15c4079efe16582fe785d6e307c04b657

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 6/55

HTTP Headers

GET /files/software/oledump-beta.zip HTTP/1.1
Host: didierstevens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 09 Mar 2025 20:31:26 GMT
Server: Apache
Last-Modified: Tue, 26 Aug 2014 08:38:13 GMT
ETag: "46081-13ada-5018439590740"
Accept-Ranges: bytes
Content-Length: 80602
Connection: close
Content-Type: application/zip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers