Report - static.updatestar.net/dl/netsurveillance/NetSurveillance.zip

Report Overview

Visited public
2024-11-28 10:42:17
Tags
URL
static.updatestar.net/dl/netsurveillance/NetSurveillance.zip
Finishing URL
about:privatebrowsing
IP / ASN
109.199.124.234
#51167 Contabo GmbH
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.updatestar.net	unknown	2007-01-18	2012-09-30	2024-11-22	430 B	395 B	109.199.124.234
static.updatestar.com	unknown	2007-01-18	2012-11-01	2024-11-22	514 B	1.1 MB	109.199.124.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
static.updatestar.com/dl/netsurveillance/NetSurveillance.zip
IP
109.199.124.234
ASN
#0

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1138579 bytes)
Hash
a1e2ef82707fa00d57ca76e675bc3671
b07ab82b15be385f1cd4e4f2ee4103ea7b9d5978
74654e286d501ae4962a6031155e01f11e7bcb32b7126ce1e1c209f1821be6c2

Archive (61)

Filename

Md5

File type

Config.ini

c43e4c6e1aa7c483c0790de940db65c0

Microsoft Windows Autorun file

ConfigModule.dll

5cbe973f99a95ac7e2b9b6a4c264fcdc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

DllDeinterlace.dll

734654f3c6b732fad89fcc17f3816df1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

H264Play.dll

d8162f292b34017efdb2894d46ca25dc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

hikplaympeg4.dll

5279996256c63a8a48420f41128c2342

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

hi_h264dec_w.dll

3b3fe802f6ce692568dcff60758cb81a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

install.bat

ec25840b919678a37e9b47ed8732fb9f

DOS batch file, ASCII text, with CRLF line terminators

English.lang

01df9b2af47b6948440adb477f29726a

Unicode text, UTF-16, little-endian text

French.lang

b397fe4c69297f43d30d3edd4ed8e629

Unicode text, UTF-16, little-endian text

German.lang

7ca4a6b1d0d9a5e6af088073e4cab224

Unicode text, UTF-16, little-endian text

Greek.lang

728078e4e05ff73366fd18063bb0d314

Unicode text, UTF-16, little-endian text

Italian.lang

643c4b20b417af9270e1be0a88d370b6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Japanese.lang

968915a36c220304a9f22b170b5b341e

Unicode text, UTF-16, little-endian text

Portugal.lang

ae3cc722892752cbf8c9209b9debde38

Unicode text, UTF-16, little-endian text

Russian.lang

a1199c2db9329326fa19d80c8c0ce4e8

Unicode text, UTF-16, little-endian text

SimpChinese.lang

120ee442ab5e919376e4f0a6edd55efc

Unicode text, UTF-16, little-endian text

Spanish.lang

43be28f824ab32f484d059e15017b101

Unicode text, UTF-16, little-endian text

Thai.lang

78ed99a11cc1dd50c0866fad43a47ee7

Unicode text, UTF-16, little-endian text

TradChinese.lang

f9ef2ab4f9ba6667c7b1e71d66a3514d

Unicode text, UTF-16, little-endian text

Turkey.lang

9b2f70e4365895f06047a478a539df24

Unicode text, UTF-16, little-endian text

NetSdk.dll

76cc987e633748c8554e439ac8f620ff

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

NetSurveillance.ocx

c625672bd717ab418217b2679047a0de

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

Password.dll

298b416236c0e50f70f2e4ec5a98d591

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

PlayBack.dll

21c7b5921128be03c9e936225311ef9a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

btn_color.JPG

6f1f4a1a8918f8b1a087bc9ad7f49865

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 24x122, components 3

btn_device.JPG

05387bbdedd4478e49f3aa82376ded26

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 24x122, components 3

btn_PTZ.JPG

d45f5c2620f02a4f28e687e6a880f4c8

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 24x122, components 3

color_config.ini

c4e5dd32811618e27f2808c653405a14

Generic INItialization configuration [MainButtons]

color_down.JPG

3569112c6701c65fae04b73dff15c9ef

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 172x251, components 3

color_normal.JPG

61e7dce8d6af8b247415f38a64019f54

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 172x250, components 3

device_config.ini

d2d8a7f3e8ba048c145ee8e1d2bc4d9f

Generic INItialization configuration [MainButtons]

Device_Down_En.JPG

b87b632bf6c708f351d2aab2158d04a2

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 172x245, components 3

dlg_bottom.bmp

8e0398447f763d1a6dffe9b9a31b74fc

PC bitmap, Windows 3.x format, 295 x 1 x 24, image size 890, resolution 2834 x 2834 px/m, cbSize 944, bits offset 54

dlg_left.bmp

3922bc82f80b75a354035d6ce926b6bc

PC bitmap, Windows 3.x format, 1 x 200 x 24, image size 802, resolution 2834 x 2834 px/m, cbSize 856, bits offset 54

dlg_right.bmp

ba5741095422793e29a8d2557d5657f4

PC bitmap, Windows 3.x format, 1 x 200 x 24, image size 802, resolution 2834 x 2834 px/m, cbSize 856, bits offset 54

dlg_top.bmp

504e47989be4145f95652df8b53728b4

PC bitmap, Windows 3.x format, 295 x 30 x 8, image size 8882, resolution 2834 x 2834 px/m, 118 important colors, cbSize 9408, bits offset 526

fullBK.JPG

b515566a8069f42dd43ccda8bc92baec

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 791x569, components 3

func.JPG

9bec4e57a7117121d932442d60f832c3

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 400x64, components 3

func_config.ini

78923b95418c0e03f494f54ef11cb32c

Generic INItialization configuration [MainButtons]

mp_channel.JPG

0c47ed6cd47314b14314e876dc08de0a

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x13, components 3

mp_channel_active.JPG

f915435003bbf7646769b86f539f636f

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x13, components 3

mp_thumb.JPG

019b6ef1743dd24a6d9a970979b65255

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 6x13, components 3

mp_thumb_active.JPG

9fc2d933e2daab1c5d5478e22c34b1b4

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 6x13, components 3

plcb_back.JPG

fbdf0f4fbd0cb907ea2dcb393bf64113

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x29, components 3

plcb_Disabled.JPG

7c0615df3f0bd8428bcadafb499ce9ba

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 422x29, components 3

plcb_normal.JPG

65d1721ee9836396b43ac0f7bae71bc4

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 422x29, components 3

plcb_over.JPG

ff5409b442314fa1a1de9e9ae3d033e9

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 422x29, components 3

ptz_config.ini

d1cfcb41594416ea08bb0c3493f165de

Generic INItialization configuration [MainButtons]

ptz_down.JPG

bba9217cfcc271cca24ffdba3b9e2481

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 172x477, components 3

ptz_normal.JPG

b800f381da8afc5716757244c1bcc4d3

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 172x477, components 3

replayer_config.ini

295ff5971a716833afd4116daa6afe5d

Generic INItialization configuration [MainButtons]

simpleBK.JPG

871bf03caa66acd1a3b2eb46a4a8528f

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 791x569, components 3

theme.ini

9b3b7d861033c3475257f09638951a9f

Generic INItialization configuration [Button0]

x1_01.JPG

8018a66fc8dc31aa3810a02e19c70a85

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 48x16, components 3

x1_03.JPG

147eda1c01c9027aadbe56578870b2eb

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 48x16, components 3

x1_05.JPG

f46c1f18823aee51d7dbfb623e6f0f24

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 48x16, components 3

StreamReader.dll

edd4713c052cc483886cac892e3958f0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

users.xml

5101bc6c33a463e537c55433dfd378dd

ASCII text, with very long lines (438), with CRLF line terminators

web.inf

4d2d2978299b140fdeab61adb4ea912a

Windows setup INFormation

WndManager.ocx

b5e235bba6f66b9b7a68ff334350784d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

Data.xml

af7af39267ea45be4735914e0987918e

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

static.updatestar.net/dl/netsurveillance/NetSurveillance.zip

109.199.124.234

301 Moved Permanently

185 B

URL User Request GET HTTP/1.1
static.updatestar.net/dl/netsurveillance/NetSurveillance.zip
IP
109.199.124.234:80
ASN
#0

File type
HTML document, ASCII text, with CRLF line terminators
Size
185 B (185 bytes)
Hash
7c211cda2d319f7b8774f46b3ffa697d
d266256cbcb79bfa064a4064ee85fe2d4e904320
9568d53ff4b8462bd95c8eaebd75707ad8977100a41fb798cf4deb5a5c1228a5

HTTP Headers

GET /dl/netsurveillance/NetSurveillance.zip HTTP/1.1
Host: static.updatestar.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://static.updatestar.com/dl/netsurveillance/NetSurveillance.zip
Date: Thu, 28 Nov 2024 10:41:51 GMT
Content-Length: 185

static.updatestar.com/dl/netsurveillance/NetSurveillance.zip

109.199.124.234

200 OK

1.1 MB

URL User Request GET HTTP/2
static.updatestar.com/dl/netsurveillance/NetSurveillance.zip
IP
109.199.124.234:443
ASN
#0

Certificate
IssuerGlobalSign nv-sa
Subject*.updatestar.com
Fingerprint25:56:0B:E2:AE:DB:5C:E1:D3:69:54:7A:84:C3:04:E4:E6:6E:03:6E
ValidityThu, 25 Jul 2024 12:08:21 GMT - Tue, 26 Aug 2025 12:08:20 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1138579 bytes)
Hash
a1e2ef82707fa00d57ca76e675bc3671
b07ab82b15be385f1cd4e4f2ee4103ea7b9d5978
74654e286d501ae4962a6031155e01f11e7bcb32b7126ce1e1c209f1821be6c2

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /dl/netsurveillance/NetSurveillance.zip HTTP/1.1
Host: static.updatestar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public,max-age=31536000
content-type: application/x-zip-compressed
last-modified: Tue, 25 Oct 2016 10:21:30 GMT
accept-ranges: bytes
etag: "a0696b8da92ed21:0"
date: Thu, 28 Nov 2024 10:41:51 GMT
content-length: 1138579
X-Firefox-Spdy: h2