Report - www.mofaga.gov.np/downloads/nepali

Report Overview

Visited public
2024-12-03 23:17:54
Tags
URL
www.mofaga.gov.np/downloads/nepali_romanised.zip
Finishing URL
about:privatebrowsing
IP / ASN
202.45.146.148
#45353 NITC: IT Agency of Government of Nepal
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.mofaga.gov.np	unknown	unknown	2019-01-02	2024-11-09	502 B	672 kB	202.45.146.148

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.mofaga.gov.np/downloads/nepali_romanised.zip
IP
202.45.146.148
ASN
#45353 NITC: IT Agency of Government of Nepal

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
672 kB (671778 bytes)
Hash
5ca1d404ae4c1c01b343047fb5a2ea71
2ead3bbcd63cdf5558aa3298ac642fd04c0290ef
03ae57e6509312c1597d4ac58b5a2053d081577d21755f3c0d10b2412d6ef524

Archive (11)

Filename

Md5

File type

Roman.dll

cf83e4ef7814fbb8307104405eb35867

PE32+ executable (DLL) (native) x86-64, for MS Windows, 3 sections

Roman.dll

9f8ba9babba64c08ed34faec97d6ae98

PE32 executable (DLL) (native) Intel 80386, for MS Windows, 3 sections

Roman.dll

3623b54965e1519f36c971884b2a9dc8

PE32+ executable (DLL) (native) Intel Itanium, for MS Windows, 3 sections

keyboardlayout-romanized.gif

2cb325b9424591a4e47628dceaf3dcb7

GIF image data, version 89a, 680 x 308

keyboardlayout-romanized.tif

2e8cec904485eee0aabb129f646c4fd4

TIFF image data, little-endian, direntries=21, height=1284, bps=266, compression=LZW, PhotometricInterpretation=CMYK, width=2832

Thumbs.db

fef8baaf5b779506210645bdf3efea4e

Composite Document File V2 Document, Cannot read section info

Roman_amd64.msi

ba74b842503fe61ce444544a50af87ff

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 0, Title: Nepali Unicode Romanized Layout, Keywords: Custom, Keyboard, Installer, MSI, database, MSKLC, Revision Number: {94560F54-A8E0-4031-9BAA-A2CF33696DBF}, Last Saved By: user, Last Printed: Sun Nov 20 11:07:34 2011, Last Saved Time/Date: Sun Nov 20 11:07:34 2011, Comments: Nepali Unicode Romanized Layout, Author: user, Template: x64;1033, Name of Creating Application: Keyboard Layout Creator 1.4, Subject: Keyboard Layout Creator 1.4, Number of Pages: 200, Number of Words: 0, Number of Characters: 0, Security: 2, Create Time/Date: Sun Nov 20 11:07:34 2011, Total Editing Time: Sun Nov 20 11:07:34 2011

Roman_i386.msi

3d837a17c234274a02c5701a37a5deb2

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 0, Title: Nepali Unicode Romanized Layout, Keywords: Custom, Keyboard, Installer, MSI, database, MSKLC, Revision Number: {DBACCBE5-BABD-42E6-A198-656EAB3F2B65}, Last Saved By: user, Last Printed: Sun Nov 20 11:07:33 2011, Last Saved Time/Date: Sun Nov 20 11:07:33 2011, Comments: Nepali Unicode Romanized Layout, Author: user, Template: Intel;1033, Name of Creating Application: Keyboard Layout Creator 1.4, Subject: Keyboard Layout Creator 1.4, Number of Pages: 200, Number of Words: 0, Number of Characters: 0, Security: 2, Create Time/Date: Sun Nov 20 11:07:33 2011, Total Editing Time: Sun Nov 20 11:07:33 2011

Roman_ia64.msi

0cff760f6f7ab4888ac508d203b06bbd

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 0, Title: Nepali Unicode Romanized Layout, Keywords: Custom, Keyboard, Installer, MSI, database, MSKLC, Revision Number: {C03DDEB3-2DA8-4964-AC9C-506868654240}, Last Saved By: user, Last Printed: Sun Nov 20 11:07:34 2011, Last Saved Time/Date: Sun Nov 20 11:07:34 2011, Comments: Nepali Unicode Romanized Layout, Author: user, Template: Intel64;1033, Name of Creating Application: Keyboard Layout Creator 1.4, Subject: Keyboard Layout Creator 1.4, Number of Pages: 200, Number of Words: 0, Number of Characters: 0, Security: 2, Create Time/Date: Sun Nov 20 11:07:34 2011, Total Editing Time: Sun Nov 20 11:07:34 2011

setup.exe

211ee1b6b3d8a0572333bbfd0c47cc12

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Roman.dll

25d921e424ae4554f313e4afa5d22e70

PE32 executable (DLL) (native) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.mofaga.gov.np/downloads/nepali_romanised.zip

202.45.146.148

200 OK

672 kB

URL User Request GET HTTP/2
www.mofaga.gov.np/downloads/nepali_romanised.zip
IP
202.45.146.148:443
ASN
#45353 NITC: IT Agency of Government of Nepal

Certificate
IssuerLet's Encrypt
Subjectmofaga.gov.np
Fingerprint6F:AE:C3:2D:B6:90:26:67:0F:17:3F:8B:5D:6B:48:D2:7A:91:FF:6B
ValidityFri, 18 Oct 2024 02:20:28 GMT - Thu, 16 Jan 2025 02:20:27 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
672 kB (671778 bytes)
Hash
5ca1d404ae4c1c01b343047fb5a2ea71
2ead3bbcd63cdf5558aa3298ac642fd04c0290ef
03ae57e6509312c1597d4ac58b5a2053d081577d21755f3c0d10b2412d6ef524

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /downloads/nepali_romanised.zip HTTP/1.1
Host: www.mofaga.gov.np
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 03 Dec 2024 15:27:30 GMT
content-type: application/zip
content-length: 671778
last-modified: Thu, 18 May 2023 10:48:35 GMT
etag: "64660283-a4022"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers