Report - www.morkoskhalaf.com/ankhtech/Toolbox/Tweaks.exe

Report Overview

Visitedpublic

2024-12-30 14:20:20

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
www.morkoskhalaf.com	unknown	2020-03-24	2023-03-28	2023-03-28	502 B	610 kB	104.21.90.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.morkoskhalaf.com/ankhtech/Toolbox/Tweaks.exe

IP / ASN

104.21.90.214

#13335 CLOUDFLARENET

File Overview

File Type7-zip archive data, version 0.4

Size609 kB (609033 bytes)

MD5d3b4b4e86177e8db07fa2594d792a8aa

SHA1893f17d914dcc0627c5d2068fe17f501f675078e

SHA2561d5ad6f089cd8b0a912872fcc9c440e5d76c52de6b4ab5a5e0ca9c1df90e0409

Archive (16)

Modified	Filename	Size	MD5	File type
2023-12-07 20:43	ActCheck.bat	21 kB	67c9648fb8aafeafb0c4932c4a7693c5	ASCII text, with very long lines (361), with CRLF line terminators
2021-11-12 08:52	Activate_Windows_Photo_Viewer.reg	28 kB	b083ee8e2da4099509b35ca612cceea4	Windows Registry little-endian text (Win2K or above)
2024-12-24 15:02	pkey.txt	4.9 kB	374a52820bbe07516b9c1ec16d72d24e	ASCII text, with very long lines (4860), with CRLF line terminators
2019-10-09 20:01	revouninstallerpro5.lic	66 kB	8462a9b69c76a9603a4143d51fbc201e	data
2023-09-15 16:55	Smadavx64.reg	266 B	1ba01e5da3ab531c59d7a99e5a4e2947	Windows Registry little-endian text (Win2K or above)
2023-02-07 12:08	Add_Take_Ownership.reg	4.0 kB	57960ab7d086057a63ff1dd93d491ff2	Windows Registry little-endian text (Win2K or above)
2023-10-13 13:02	CleanOffice.txt	1.3 kB	e26af0413350bfb88fdb0d5cbded8596	ASCII text, with CRLF line terminators
2022-02-13 17:08	KMS.xml	3.5 kB	672791216f102bdb76fb550adb0ea923	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
2019-10-09 12:14	Hash.reg	3.6 kB	30fee4c3f420a7d7cd4dc23ca2e2f90d	Windows Registry little-endian text (Win2K or above)
2024-02-16 15:13	IAS.cmd	32 kB	f9a5ab68258deddf28f0d936d0ee00aa	DOS batch file, ASCII text, with very long lines (324), with CRLF line terminators
2024-12-19 11:11	MAS_AIO.cmd	449 kB	92cc8f1f67a875563d1299e7dd7b5723	DOS batch file, ASCII text, with very long lines (311), with CRLF line terminators
2023-12-08 15:06	run.bat	144 kB	95c66d1c6b68d200688fe4ceffbf0d32	exported SGML document, Non-ISO extended-ASCII text, with CRLF line terminators
2021-11-09 13:07	SafeMode.reg	4.2 kB	d7f56743aa26f28dd825aa6b5ea4a438	Windows Registry little-endian text (Win2K or above)
2024-12-24 20:51	version.dll	414 kB	682f8677112feeaeb0a6b268d21a8551	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 9 sections
2021-09-23 07:27	x64.dll	21 kB	a8f669ab8fad00bd193a82b8f62e7660	PE32+ executable (DLL) (native) x86-64, for MS Windows, 5 sections
2021-09-23 07:27	x86.dll	17 kB	fee7e8f5472041f6b2c0e5d8f8d0da45	PE32 executable (DLL) (native) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
ClamAV	malicious	Win.Trojan.Generic-10036804-0

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.morkoskhalaf.com/ankhtech/Toolbox/Tweaks.exe

104.21.90.214

200 OK

609 kB

URL

www.morkoskhalaf.com/ankhtech/Toolbox/Tweaks.exe

IP / ASN

104.21.90.214

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File type7-zip archive data, version 0.4

First Seen2024-12-30

Last Seen2025-02-05

Times Seen3

Size609 kB (609033 bytes)

MD5d3b4b4e86177e8db07fa2594d792a8aa

SHA1893f17d914dcc0627c5d2068fe17f501f675078e

SHA2561d5ad6f089cd8b0a912872fcc9c440e5d76c52de6b4ab5a5e0ca9c1df90e0409

Certificate Info

IssuerGoogle Trust Services

Subjectwww.morkoskhalaf.com

Fingerprint42:06:78:BE:4C:AF:F7:0A:10:EB:79:6F:1D:37:0F:2C:B0:BF:ED:FB

ValidityFri, 01 Nov 2024 17:55:08 GMT - Thu, 30 Jan 2025 17:55:07 GMT

Detections

Analyzer	Verdict	Alert
ClamAV	malicious	Win.Trojan.Generic-10036804-0

HTTP Headers

GET /ankhtech/Toolbox/Tweaks.exe HTTP/1.1
Host: www.morkoskhalaf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 30 Dec 2024 14:19:56 GMT
content-type: application/octet-stream
content-length: 609033
cache-control: max-age=31536000
last-modified: Fri, 27 Dec 2024 12:52:56 GMT
etag: "e1979405e58db1:0"
x-powered-by: ASP.NET
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJRkGkh1LlG3oC%2Bu28OwAOC9ANXQA996uRrrG8vwCAZ9gUf9l8LGMKjwkMv0TItheufqRQsRTjM3Uu4uq29TI2EoDIyP7OVr%2F1uGXxDM8RUX7xiDXN71%2Fapjf2Axi1ETMXHcpQIlag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fa2aae68fc5b4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=532&min_rtt=447&rtt_var=206&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1274&delivery_rate=7144736&cwnd=254&unsent_bytes=0&cid=78f508ed574eb5a2&ts=1056&x=0"
X-Firefox-Spdy: h2