Report - www.phoner.de/PhonerLite64.zip

Report Overview

Visitedpublic

2024-11-21 17:55:07

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
www.phoner.de	unknown	unknown	2012-05-30	2024-11-11	484 B	6.2 MB	217.160.0.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.phoner.de/PhonerLite64.zip

IP / ASN

217.160.0.28

#8560 IONOS SE

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size6.1 MB (6149866 bytes)

MD529b96f64b7eee7e0015f695d3b279e5a

SHA15db4cfb020b141f3fe150ed511df04c38b43f7a4

SHA25654ad009b16885e155b767af6179e38aae269c93c252316a35cf33dc3760dc2d2

Archive (13)

Modified	Filename	Size	MD5	File type
2021-12-20 11:02	CallWaiting.wav	16 kB	c88bbbf018c2327562742a5f9604858d	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz
2022-07-26 11:52	licencia.txt	1.9 kB	6a5616e80970eeb1f44dc8b2200f0033	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2022-07-26 11:52	license.txt	1.7 kB	4e0a84a6cfe7ed31c67911fc90129118	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2022-07-26 11:52	licen�a.txt	1.9 kB	2e80ba26ad14b38dc3ffae568ba8eb48	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2022-07-26 11:52	lizenz.txt	1.8 kB	0983f16ab4107eb025ff9fb14a2ecf32	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2024-11-11 09:59	PhonerLite.exe	9.3 MB	bb0e632767865146e6b7b3de2b893abc	PE32+ executable (GUI) x86-64, for MS Windows, 12 sections
2023-06-23 08:21	provider.ini	724 B	a6ed3ceba55a0a429a965f30eb8dfa8f	Generic INItialization configuration [sipgate DE]
2021-12-20 11:02	RingIn.wav	18 kB	1f0a66b2c2c625535bf487e0a8268ddb	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz
2021-12-20 11:02	RingInInternal.wav	16 kB	63def6439c8f078d295213cb6c3df646	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz
2024-11-11 10:00	sipper64.dll	6.5 MB	48ed944f41d436322c9f2a9325a3d9e7	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2023-11-03 13:33	WebView2Loader.dll	139 kB	bceebc73cb9e3f239b99575c0d38951c	PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections
2022-07-26 11:52	Ліцензія.txt	2.8 kB	6eebbadb283b9c6e5c81833fa6a62beb	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2022-07-26 11:52	Лицензия.txt	3.1 kB	7aef885d9347eda320b68276317650f6	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 2/69

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.phoner.de/PhonerLite64.zip

217.160.0.28

200 OK

6.1 MB

URL

www.phoner.de/PhonerLite64.zip

IP / ASN

217.160.0.28

#8560 IONOS SE

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-11-11

Last Seen2024-11-21

Times Seen3

Size6.1 MB (6149866 bytes)

MD529b96f64b7eee7e0015f695d3b279e5a

SHA15db4cfb020b141f3fe150ed511df04c38b43f7a4

SHA25654ad009b16885e155b767af6179e38aae269c93c252316a35cf33dc3760dc2d2

Certificate Info

IssuerDigiCert Inc

Subject*.phoner.de

Fingerprint8D:F8:3B:CE:69:A7:8F:8D:D4:E0:2E:15:40:DB:5C:E7:57:B1:8A:C9

ValidityTue, 03 Sep 2024 00:00:00 GMT - Thu, 18 Sep 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/69

HTTP Headers

GET /PhonerLite64.zip HTTP/1.1
Host: www.phoner.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 6149866
date: Thu, 21 Nov 2024 17:54:40 GMT
server: Apache
last-modified: Mon, 11 Nov 2024 09:01:15 GMT
etag: "5dd6ea-6269f57d63648"
accept-ranges: bytes
X-Firefox-Spdy: h2