Report - neszetools.hu/content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip

Report Overview

Visited public
2025-04-15 21:09:17
Tags
Submit Tags
URL
neszetools.hu/content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip
Finishing URL
about:privatebrowsing
IP / ASN
217.144.56.151
#62449 Sybell Informatika Kft
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
neszetools.hu	unknown	2011-08-25	2015-12-29	2025-04-15	558 B	4.7 MB	217.144.56.151

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
neszetools.hu/content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip
IP
217.144.56.151
ASN
#62449 Sybell Informatika Kft

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.7 MB (4667366 bytes)
Hash
9f4244068e16540c07bc81ecb248cc05
fffcf3b082a228f12666fc1e892c926e0d650b79
6274f0733f0e01f424e8794e8fef0b4e05fa10451642e2b9244ba42e5326b669

Archive (9)

Filename

Md5

File type

Elevator.exe

3452b73bfd48a180a241cd23f9c847b5

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

no_tab_explorer.exe

fb6e5bd898e6d6369f29a3fe0eda0198

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

Third-party licenses.txt

5e421690b40cd6bb401d166f98879d35

ASCII text, with CRLF line terminators

WinaeroBe�ll�t�sok.ini

7d29ff152f13b5db7940d43755a8e257

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

WinaeroControls.dll

08dff3b716f7382929f613439cf9e835

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

WinaeroTweaker.exe

99c3342a209d92e537879699108f8288

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

WinaeroTweakerHelper.exe

8e0aec38406afacff9487529add32c74

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

WinaeroTweaker_i386.dll

bb3935caccea6dc73487045c7640ae7a

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

WinaeroTweaker_x86_64.dll

70eeb04906d68a88c75f81d14f0ebf0a

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects ConfuserEx packed file
Public Nextron YARA rules	malware	Detects ConfuserEx packed file
Public Nextron YARA rules	malware	Detects ConfuserEx packed file
VirusTotal	suspicious	VirusTotal - Scan result 3/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET neszetools.hu/content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip

217.144.56.151

200 OK

4.7 MB

URL User Request GET
neszetools.hu/content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip
IP
217.144.56.151:443
ASN
#62449 Sybell Informatika Kft

Certificate
IssuerLet's Encrypt
Subject*.neszetools.hu
FingerprintC3:8D:91:9B:D3:89:B7:1B:F6:8A:04:D2:75:D6:00:D3:BD:AD:73:1F
ValidityTue, 01 Apr 2025 03:29:07 GMT - Mon, 30 Jun 2025 03:29:06 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.7 MB (4667366 bytes)
Hash
9f4244068e16540c07bc81ecb248cc05
fffcf3b082a228f12666fc1e892c926e0d650b79
6274f0733f0e01f424e8794e8fef0b4e05fa10451642e2b9244ba42e5326b669

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

HTTP Headers

GET /content/download/winaero-tweaker/Winaero%20Tweaker%201.63.0.0%20Portable.zip HTTP/1.1
Host: neszetools.hu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Thu, 15 May 2025 21:08:53 GMT
content-type: application/zip
last-modified: Wed, 03 Jul 2024 15:00:51 GMT
accept-ranges: bytes
content-length: 4667366
date: Tue, 15 Apr 2025 21:08:53 GMT
server: LiteSpeed
x-ua-compatible: IE=Edge,chrome=1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers