Report - download.kobobooks.com/desktop/1/KoboSetup.exe

Report Overview

Visitedpublic

2024-12-16 11:35:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
download.kobobooks.com	unknown	2009-08-06	2012-12-11	2024-12-09	502 B	95 kB	172.64.150.46

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-16	medium	download.kobobooks.com/desktop/1/KoboSetup.exe	Detect files is `SliverFox` malware

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.kobobooks.com/desktop/1/KoboSetup.exe

IP / ASN

172.64.150.46

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Size94 kB (94437 bytes)

MD55748a856c505f6d0ff85af0a7125ac2c

SHA1f2e3494560beadd07e6fe57950dba97fb481b867

SHA25616c8afc8b8483a948cd465477e8354ba1ecd2f8bea374bfb574338ca3414524f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET download.kobobooks.com/desktop/1/KoboSetup.exe

172.64.150.46

200 OK

94 kB

URL

download.kobobooks.com/desktop/1/KoboSetup.exe

IP / ASN

172.64.150.46

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

First Seen2024-12-16

Last Seen2024-12-16

Times Seen1

Size94 kB (94437 bytes)

MD55748a856c505f6d0ff85af0a7125ac2c

SHA1f2e3494560beadd07e6fe57950dba97fb481b867

SHA25616c8afc8b8483a948cd465477e8354ba1ecd2f8bea374bfb574338ca3414524f

Certificate Info

IssuerGoogle Trust Services

Subjectdownload.kobobooks.com

FingerprintA3:14:81:48:99:66:B6:2F:90:5A:DF:F6:58:46:48:56:3B:01:70:27

ValidityMon, 18 Nov 2024 14:00:46 GMT - Sun, 16 Feb 2025 14:00:45 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

HTTP Headers

GET /desktop/1/KoboSetup.exe HTTP/1.1
Host: download.kobobooks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 16 Dec 2024 11:35:06 GMT
content-type: application/octet-stream
content-length: 38843784
etag: "deb4a8c64528a38ffe98c0c3e8ef81e7-3"
last-modified: Mon, 08 Nov 2021 13:56:15 GMT
x-amz-meta-s3cmd-attrs: atime:1636379773/ctime:1636379773/gid:401605121/gname:domain%5Eusers/md5:9692a159b2b3d8381e9b886d35e6e421/mode:33188/mtime:1636379773/uid:401606372/uname:gcyre
x-amz-version-id: AAAAAAAAAAP8Oe4-SySa0gDeAAAA48wQAAAAAAAAAAEA3gAAAUb3FQDEAAAAAAABAAAAAAAAAC4AZmRlc2t0b3AvMS9Lb2JvU2V0dXAuZXhl
cf-cache-status: MISS
expires: Mon, 16 Dec 2024 15:35:06 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=BHzAgzpQrQ.x50IjiZYNjqew.1Nbf1_RlDr._272.yw-1734348906-1.0.1.1-CM..GJ1pqIuhuTXteg0o35AG71thKFguxBySxZ_oX21k6mhYVALvaiLUIen2wei2lLJ0ULv5c9Z78exc9L_ngw; path=/; expires=Mon, 16-Dec-24 12:05:06 GMT; domain=.kobobooks.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2e5e35e8625699-OSL
X-Firefox-Spdy: h2