Report - performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil

Report Overview

Visitedpublic

2025-02-01 16:58:34

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
performai.evilleaker.com	unknown	2023-11-18	2025-01-26	2025-01-26	581 B	370 kB	185.199.110.153

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip

IP / ASN

185.199.110.153

#54113 FASTLY

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size369 kB (369325 bytes)

MD56d783a2450b257a77124d09bd0db9fdb

SHA1682326fae65123401287aba5c525b43d284afd29

SHA2565707939679a97ee0da5358d5c3407b99fb091f541709da075dda77f31ebabfb3

Archive (21)

Modified	Filename	Size	MD5	File type
2024-12-01 18:55	aime2x.dll	34 kB	b72af87f2c57d6085611535b07bb17d6	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections
2024-12-01 18:55	aimeio.dll	37 kB	a127da2637a7d0d055f9a0dd58b794e4	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections
2022-12-01 04:19	aimeio_yubideck.dll	11 kB	627b5ddb71ba6a7cf1d3cf6be0597acc	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2024-12-01 18:55	brokenithm.dll	15 kB	5f13a1bfc4cf8350f6cd0a00eac96caa	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
2024-12-01 18:55	chuniio-mux.dll	33 kB	23c537a9f2aadf282a1f6bcede9f349f	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
2024-12-01 18:55	chuniio.dll	14 kB	8738f387112714ecca411a7e46be57a9	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
2024-12-01 18:55	chusanamhook.dll	612 kB	cb8be0ecab5037deb7865239c105c14f	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections
2024-12-01 18:55	chusanhook.dll	571 kB	0620f90be9baac4414f65f6e100141f3	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
2022-09-30 05:58	config_hook.json	174 B	992cdd70d3e69a43dc111c3b953b8444	JSON text data
2024-12-01 18:55	billing.pub	162 B	c8bd6174e2da1beae0d94498571c9d09	data
2024-12-01 18:55	ca.crt	817 B	8bac3ec5e141a706c12c76fdd29646c8	Certificate, Version=3
2024-12-01 22:19	duolinguo.dll	12 kB	df0ca5b198701ac460987a9d2f1a7b4a	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections
2024-12-01 18:55	inject_x64.exe	24 kB	8d7b5607c50bed66e8d8a9f61aceaed6	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
2024-12-01 18:55	inject_x86.exe	20 kB	44392c4dc62c7383f168753abf03be43	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections
2024-12-01 19:07	readme.txt	6.7 kB	abc84a7ca98948eb44124855818d590c	Unicode text, UTF-8 text, with CRLF line terminators
2024-12-01 21:10	segatools.ini	4.8 kB	02012942b3fb5f46f0d1386cfbe06047	ASCII text
2024-12-01 18:55	start.bat	828 B	a80a0bd1dce3005be4ab6aa1a8a5b22f	DOS batch file, ASCII text
2024-12-01 17:33	StavonaIO.dll	37 kB	115d7d08a6e44634665bcd2f9d37cff6	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2022-10-01 14:08	tasoller.dll	226 kB	a0b7bd56ec0915befff3dd7ff62f7045	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2024-12-01 14:34	tasoller_plus.dll	162 kB	d27306a64c75c65fc9016449e9516253	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 18 sections
2022-12-01 04:19	yubideck.dll	26 kB	c13f8c64cebadbdc013f7fe1c2960aea	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 23/68

JavaScript (0)

HTTP Transactions (1)

	URL	IP	Response	Size