Report - www.goforprink.com/prinkgest/install/install.zip

Report Overview

Visited public
2024-07-01 06:31:36
Tags
URL
www.goforprink.com/prinkgest/install/install.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.43.44.65
#61047 SAS Kalanda
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-29 18:13:04	2.6 kB	7.1 kB	23.36.76.226
www.goforprink.com	unknown	2012-01-30	2017-06-21 01:40:25	2022-08-01 08:45:25	418 B	18 MB	185.43.44.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.goforprink.com/prinkgest/install/install.zip
IP
185.43.44.65
ASN
#61047 SAS Kalanda

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (18028467 bytes)
Hash
0c1c2d4c712a1bd548dbec1264cfee64
d05916e98ba20ce90ad10cc09da6596b92ef6b8f
1a6c331ef15cbd2c52c24ddff59bde1896ea3ae03bd5506ac3fff6d5bd66f411

Archive (20)

Filename

Md5

File type

INST.WXF

cd7a026d57e8fc24d41aa5e4ef0c1374

data

ServeursWeb.wdk

6455df892bcdb04a351c3b3bd0d6cfd3

data

WD200COM.DLL

fd400580db219062a49799b1eca7ec0a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

WD200HF.DLL

82a279a271ee828559ee883e0c2bd096

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200IMG.DLL

bfb7da508df532cca0330d86bdf9cd89

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

WD200MAT.DLL

782fc392aba97fd0927a0b61493b50a4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200OBJ.DLL

3e34df162ed258f07afa9535352db604

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200OLE.DLL

c557c826e571a22de60f08d9501f9aa4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200PNT.DLL

93086fd851521dac4500548e2d1eaf2e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200RPL.DLL

a387c282a9dac6e8e1996bfc61636c28

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200STD.DLL

343654bf4e98cbd9cbcde812f33723e7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200UNI.DLL

4444010c311411a39ea6411fc16b9ef4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200VM.DLL

5b0c337dca22da45c4f360e3eb28f3fe

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WD200ZIP.DLL

22495c9738ba028ef29575646aa81928

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WDMetabase.dll

18eb1ee590865f85148ce2a3b427e02d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WDMOD200.dll

ef26a30550ab7568357980ba18df7ed0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WDSetup.EXE

2436e8373452ceec767da6b283ddecb0

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

WDSetupFont.ttf

1bf71be111189e76987a4bb9b3115cb7

TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 30 names, Macintosh, Digitized data copyright � 2010-2011, Google Corporation.Open Sans LightRegularAscender - Open S

WDSetupFontLicence.txt

d273d63619c9aeaf15cdaf76422c4f87

ASCII text, with CRLF line terminators

WDUPDATE.NET

c8a35120ff7038d8e3be5d111a6959e1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (9)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash b7dbdd91e33b4b40b990affe38907ed8 8c1dc814dfd071e0c4dcfc0f5429eb7c221d609a 842512e65717b866647d52bc726c962cc42c7e2027c53a2b5b79d7b86d2e50fc HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "842512E65717B866647D52BC726C962CC42C7E2027C53A2B5B79D7B86D2E50FC" Last-Modified: Sun, 30 Jun 2024 13:53:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7808 Expires: Mon, 01 Jul 2024 08:41:12 GMT Date: Mon, 01 Jul 2024 06:31:04 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash f6d043d7b5e98906db1fe2695e98859c 154db889ef567d2839bb7eaa15818cd546495b4f f4fcc79261acda8e1cb81b9fc6524ee560b60740b0cf8107308dc82750dc079a HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F4FCC79261ACDA8E1CB81B9FC6524EE560B60740B0CF8107308DC82750DC079A" Last-Modified: Sat, 29 Jun 2024 23:47:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12882 Expires: Mon, 01 Jul 2024 10:05:46 GMT Date: Mon, 01 Jul 2024 06:31:04 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash cbf18fc0b8495e9002d75d18377ee564 26efedcb55b771589d559b798261c86a87c0b313 3358d5f916c82bb4d1a67b717d2a280302e3f54a687893b0c2556c93616cbdfb HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "3358D5F916C82BB4D1A67B717D2A280302E3F54A687893B0C2556C93616CBDFB" Last-Modified: Sat, 29 Jun 2024 16:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=17199 Expires: Mon, 01 Jul 2024 11:17:43 GMT Date: Mon, 01 Jul 2024 06:31:04 GMT Connection: keep-alive`

	www.goforprink.com/prinkgest/install/install.zip	185.43.44.65	200 OK	18 MB
URL User Request GET HTTP/1.1 www.goforprink.com/prinkgest/install/install.zip IP 185.43.44.65:80 ASN #61047 SAS Kalanda File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 18 MB (18028467 bytes) Hash 0c1c2d4c712a1bd548dbec1264cfee64 d05916e98ba20ce90ad10cc09da6596b92ef6b8f 1a6c331ef15cbd2c52c24ddff59bde1896ea3ae03bd5506ac3fff6d5bd66f411 HTTP Headers `GET /prinkgest/install/install.zip HTTP/1.1 Host: www.goforprink.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Last-Modified: Fri, 02 Jun 2017 19:41:43 GMT Accept-Ranges: bytes ETag: "c24d843d8dbd21:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Mon, 01 Jul 2024 06:31:04 GMT Content-Length: 18028467`

	r10.o.lencr.org/	2.23.172.201		504 B
URL r10.o.lencr.org/ IP 2.23.172.201:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7077 Expires: Mon, 01 Jul 2024 08:29:04 GMT Date: Mon, 01 Jul 2024 06:31:07 GMT Connection: keep-alive`

	r10.o.lencr.org/	2.23.172.201		504 B
URL r10.o.lencr.org/ IP 2.23.172.201:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7077 Expires: Mon, 01 Jul 2024 08:29:04 GMT Date: Mon, 01 Jul 2024 06:31:07 GMT Connection: keep-alive`

	r10.o.lencr.org/	2.23.172.201		504 B
URL r10.o.lencr.org/ IP 2.23.172.201:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7077 Expires: Mon, 01 Jul 2024 08:29:04 GMT Date: Mon, 01 Jul 2024 06:31:07 GMT Connection: keep-alive`

	r10.o.lencr.org/	2.23.172.201		504 B
URL r10.o.lencr.org/ IP 2.23.172.201:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7077 Expires: Mon, 01 Jul 2024 08:29:04 GMT Date: Mon, 01 Jul 2024 06:31:07 GMT Connection: keep-alive`

	r10.o.lencr.org/	2.23.172.201		504 B
URL r10.o.lencr.org/ IP 2.23.172.201:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7077 Expires: Mon, 01 Jul 2024 08:29:04 GMT Date: Mon, 01 Jul 2024 06:31:07 GMT Connection: keep-alive`