Report - download.sysinternals.com/files/RAMMap.zip

Report Overview

Visitedpublic

2025-05-06 06:50:41

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
download.sysinternals.com	317209	unknown	No data	No data	510 B	688 kB	13.107.246.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.sysinternals.com/files/RAMMap.zip

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size687 kB (687327 bytes)

MD52a730bb3cb813286d872ac6a754ffebd

SHA11385669404022211e34010c1395509fda3ebe36f

SHA256691fa6a7e43babc26e37f9d65a74e7e1ea17eb3d4440141aa7eab6cd5b4c39a9

Archive (4)

Modified	Filename	Size	MD5	File type
2022-05-11 16:49	RAMMap.exe	678 kB	f8c7e41d1fbe9bee01fb44244087ae86	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
2022-05-11 16:49	RAMMap64.exe	363 kB	633470671cc8035b945f7ccad2cd4024	PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
2022-05-11 16:49	RAMMap64a.exe	380 kB	1de68434548372c7d3eb79b3f10fca3e	PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections
2022-05-11 16:49	Eula.txt	7.5 kB	8c24c4084cdc3b7e7f7a88444a012bfc	Unicode text, UTF-8 (with BOM) text, with very long lines (518), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET download.sysinternals.com/files/RAMMap.zip

13.107.246.53

200 OK

687 kB

URL User Request GET HTTPS

download.sysinternals.com/files/RAMMap.zip

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2023-08-10

Last Seen2025-05-23

Times Seen75

Size687 kB (687327 bytes)

MD52a730bb3cb813286d872ac6a754ffebd

SHA11385669404022211e34010c1395509fda3ebe36f

SHA256691fa6a7e43babc26e37f9d65a74e7e1ea17eb3d4440141aa7eab6cd5b4c39a9

Certificate Info

IssuerMicrosoft Corporation

Subject*.sysinternals.com

FingerprintE4:33:54:9F:7F:97:4C:4B:A2:35:F0:6C:83:E2:8F:4D:0A:11:87:B3

ValidityMon, 28 Apr 2025 22:59:32 GMT - Thu, 23 Apr 2026 22:59:32 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/65

HTTP Headers

GET /files/RAMMap.zip HTTP/1.1
Host: download.sysinternals.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 06:50:08 GMT
content-type: application/x-zip-compressed
content-length: 687327
last-modified: Wed, 11 May 2022 17:27:37 GMT
etag: 0x8DA33738B669279
x-ms-request-id: 44eb5819-501e-0035-0666-bab0db000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250506T065008Z-16c476b8794xrsn6hC1SVGwd4w0000000bx0000000005gtf
x-fd-int-roxy-purgeid: 11
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2