Report - xz.927game.com/pc/hraqtclj

Report Overview

Visitedpublic

2025-05-16 17:42:48

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
xz.927game.com	unknown	2014-05-10	2024-05-04	2025-03-12	1.9 kB	2.2 MB	61.164.242.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-16 17:42:24	high	61.164.242.163	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2

IP / ASN

61.164.242.163

#136190 JINHUA, ZHEJIANG Province, P.R.China.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

Size2.2 MB (2225317 bytes)

MD54db2077283f050bebb12f9d73688d6da

SHA1c91ba68ab441265df1b31ca1eabf044635ae324e

SHA256d2836b428af34b038c3d81d80001fcc1bc59af2fb5dbf3204617981b75762871

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 39/70

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe	ScriptElement	664 B	2025-05-16	2025-05-16
URL xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe IP / ASN 61.164.242.163 #136190 JINHUA, ZHEJIANG Province, P.R.China. Introduced by ScriptElement Embedded true Resource Info First Seen 2025-05-16 Last Seen 2025-05-16 Times Seen 1 Size 664 B (664 bytes) MD5 104926a4ef58be05ad43992cacb82b2c SHA1 9a60db585ed5fe1a5935cd6da19f4bbabc044fcd SHA256 f8884fcf385ec7b5c0eb4f1bcb99c21a42e385f36823791391ba4dffb161cf02 Format Code Loading...

	xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe	Eval	71 B	2025-05-16	2025-05-16
URL xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe IP / ASN 61.164.242.163 #136190 JINHUA, ZHEJIANG Province, P.R.China. Introduced by Eval Embedded false Resource Info First Seen 2025-05-16 Last Seen 2025-05-16 Times Seen 1 Size 71 B (71 bytes) MD5 0513e4fb6716029c58f8ab43e7123e00 SHA1 29430798f67395b6bcfa1ee31c938e779a44a629 SHA256 98190805450f6d0bc6075027909b9343546034d5d364438f95b948eff0d60690 Format Code Loading...

	xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe	Eval	15 B	2025-05-16	2025-05-16
URL xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe IP / ASN 61.164.242.163 #136190 JINHUA, ZHEJIANG Province, P.R.China. Introduced by Eval Embedded false Resource Info First Seen 2025-05-16 Last Seen 2025-05-16 Times Seen 1 Size 15 B (15 bytes) MD5 6fb6964b6541e61caf2329b4935539a8 SHA1 c1ae4b6e68db0df8d75f528040f6f43e3070e1e4 SHA256 2799dc3b87d93cc806037952836374ade2ca62840038d1237e7ee78ebc771bed Format Code Loading...

	xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe	Eval	49 B	2025-05-16	2025-05-16
URL xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe IP / ASN 61.164.242.163 #136190 JINHUA, ZHEJIANG Province, P.R.China. Introduced by Eval Embedded false Resource Info First Seen 2025-05-16 Last Seen 2025-05-16 Times Seen 1 Size 49 B (49 bytes) MD5 bc9a2195d699a6e9a336e35e08079f3e SHA1 3b47663545ced8e158abf095482c93766e5e4fa9 SHA256 12412dda7f32c0b302bf59bbef58de4b9cc9659c44815cd8b38bec9680a2c993 Format Code Loading...

HTTP Transactions (4)

URL IP Response Size

GET xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2

61.164.242.163

200 OK

2.2 MB

URL

xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2

IP / ASN

61.164.242.163

#136190 JINHUA, ZHEJIANG Province, P.R.China.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

First Seen2025-05-16

Last Seen2025-05-16

Times Seen1

Size2.2 MB (2225317 bytes)

MD54db2077283f050bebb12f9d73688d6da

SHA1c91ba68ab441265df1b31ca1eabf044635ae324e

SHA256d2836b428af34b038c3d81d80001fcc1bc59af2fb5dbf3204617981b75762871

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 39/70
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2 HTTP/1.1
Host: xz.927game.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Thu, 25 Jul 2024 03:43:47 GMT
Accept-Ranges: bytes
ETag: "d396feda44deda1:0"
Server: Microsoft-IIS/10.0
Date: Fri, 16 May 2025 17:42:23 GMT
Content-Length: 2225317

GET xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe

61.164.242.163

200 OK

922 B

URL

xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe

IP / ASN

61.164.242.163

#136190 JINHUA, ZHEJIANG Province, P.R.China.

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (922), with no line terminators

First Seen2025-05-16

Last Seen2025-05-16

Times Seen1

Size922 B (922 bytes)

MD5b0a218de3eb2f03bd9288c82e1b611f4

SHA16c06a393af4ce5b6c4e079e462268fb9f0b1a35e

SHA2560f7778856f5e83788348c9491b03a645df2c30c1d490febdc7d33c19fccfd14f

HTTP Headers

GET /pc/hraqtclj_64v5.0.1.1.exe HTTP/1.1
Host: xz.927game.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 922
Pragma: no-cache
Cache-control: no-store

GET xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2

0.0.0.0

0 B

URL

xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606177

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /pc/hraqtclj_64v5.0.1.1.exe?eqvips=wirgd2 HTTP/1.1
Host: xz.927game.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET xz.927game.com/favicon.ico

61.164.242.163

404 Not Found

1.2 kB

URL

xz.927game.com/favicon.ico

IP / ASN

61.164.242.163

#136190 JINHUA, ZHEJIANG Province, P.R.China.

Requested byhttp://xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with CRLF line terminators

First Seen2025-04-07

Last Seen2025-08-01

Times Seen897

Size1.2 kB (1163 bytes)

MD5b95f02d7712377499e60763a74069631

SHA12a6ea7a8c7353bddd6bd7b487842da1feaa525cf

SHA2565da10042a026a0612186de79cd45da85dfb2e2d71e5749f92f10ae9f91871f68

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xz.927game.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xz.927game.com/pc/hraqtclj_64v5.0.1.1.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Fri, 16 May 2025 17:42:19 GMT
Content-Length: 1163