Report - www.nirsoft.net/utils/injecteddll.zip

Report Overview

Visited public
2024-09-26 23:41:07
Tags
URL
www.nirsoft.net/utils/injecteddll.zip
Finishing URL
about:privatebrowsing
IP / ASN
107.190.138.58
#33182 DIMENOC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-26 18:37:25	1.3 kB	3.5 kB	23.33.119.27
www.nirsoft.net	147497	2004-08-26	2012-05-22 00:43:35	2024-09-26 01:40:16	491 B	37 kB	107.190.138.58
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-26 18:37:24	981 B	2.7 kB	23.33.119.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.nirsoft.net/utils/injecteddll.zip
IP
107.190.138.58
ASN
#33182 DIMENOC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
37 kB (37100 bytes)
Hash
a2b4eb3b157fd12bc8e624df46d848fa
46b8b2a8edd31747fd3051ebf3ccec4ba3003398
8f601d8d92b4c28b64a756b447157834e510fb8b471210b2881ca810470bc4bb

Archive (3)

Filename

Md5

File type

InjectedDLL.exe

4121a6fde7a1532d45eeda0d06197fa2

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

InjectedDLL.chm

14abf6aa1e537a453f374b4d2425a26d

MS Windows HtmlHelp Data

readme.txt

786146146a0443cd3380252140aa1c58

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b6ecb6018a51380d08a47460236a395c
1ce7fe77c21188624302a660a289fe1ce6e7a9e4
ec876edd163ea26b47c9b862c795844f5dd01452095287ea5cd920e3b512672a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC876EDD163EA26B47C9B862C795844F5DD01452095287EA5CD920E3B512672A"
Last-Modified: Wed, 25 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14355
Expires: Fri, 27 Sep 2024 03:39:56 GMT
Date: Thu, 26 Sep 2024 23:40:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a3930a88784fe653b2ec25e240074298
d2409345400ec01552850d6c48868450ff7512e6
42e5cee42bd074645a594dc518c9d95d8b21ecaf889e3cd003613b90090c6dd1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "42E5CEE42BD074645A594DC518C9D95D8B21ECAF889E3CD003613B90090C6DD1"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3472
Expires: Fri, 27 Sep 2024 00:38:33 GMT
Date: Thu, 26 Sep 2024 23:40:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3103fb1d1a919eb0d7b8a9d179fc0697
5f40ca033f1637117fafa094cb334a3d7a0bd8bb
21d190a1353e17aa721c3f3b5860a6dc765559c9a2c1bede3028e571e4e8b5d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "21D190A1353E17AA721C3F3B5860A6DC765559C9A2C1BEDE3028E571E4E8B5D8"
Last-Modified: Thu, 26 Sep 2024 14:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3305
Expires: Fri, 27 Sep 2024 00:35:46 GMT
Date: Thu, 26 Sep 2024 23:40:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c5df97c10e9a37c02e8e12b302465464
b0d9b31bb7dd48f11b58e6f1833798e45dc5a862
350fb41eb348dc3b30943b357e089a3cd9dcc9670285c29485ba02a38ebcbc15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "350FB41EB348DC3B30943B357E089A3CD9DCC9670285C29485BA02A38EBCBC15"
Last-Modified: Wed, 25 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Fri, 27 Sep 2024 00:27:57 GMT
Date: Thu, 26 Sep 2024 23:40:42 GMT
Connection: keep-alive

www.nirsoft.net/utils/injecteddll.zip

107.190.138.58

200 OK

37 kB

URL User Request GET HTTP/1.1
www.nirsoft.net/utils/injecteddll.zip
IP
107.190.138.58:443
ASN
#33182 DIMENOC

Certificate
IssuerLet's Encrypt
Subjectextension.nirsoft.net
Fingerprint33:87:B2:96:41:18:2F:04:A4:40:FE:F9:99:EC:9C:95:96:85:A8:1C
ValidityThu, 22 Aug 2024 09:53:48 GMT - Wed, 20 Nov 2024 09:53:47 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
37 kB (37100 bytes)
Hash
a2b4eb3b157fd12bc8e624df46d848fa
46b8b2a8edd31747fd3051ebf3ccec4ba3003398
8f601d8d92b4c28b64a756b447157834e510fb8b471210b2881ca810470bc4bb

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

HTTP Headers

GET /utils/injecteddll.zip HTTP/1.1
Host: www.nirsoft.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Sep 2024 23:40:42 GMT
Server: Apache
Last-Modified: Sat, 27 May 2006 05:48:20 GMT
Accept-Ranges: bytes
Content-Length: 37100
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5997
Expires: Fri, 27 Sep 2024 01:20:41 GMT
Date: Thu, 26 Sep 2024 23:40:44 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5997
Expires: Fri, 27 Sep 2024 01:20:41 GMT
Date: Thu, 26 Sep 2024 23:40:44 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5997
Expires: Fri, 27 Sep 2024 01:20:41 GMT
Date: Thu, 26 Sep 2024 23:40:44 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash