Report - spdflashtool.com/wp-content/uploads/SPD_Factory_Tool

Report Overview

Visited public
2025-01-25 17:40:55
Tags
Submit Tags
URL
spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.38.140
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
spdflashtool.com	398889	2016-06-26	2016-08-13	2025-01-21	522 B	9.9 MB	172.67.223.46

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip
IP
172.67.223.46
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
9.9 MB (9872626 bytes)
Hash
1fa5fb0ae19a60fc415892d1451fd3a8
a0be0784868a1d62050ec8484dd95aefbf961f49
7dcfaac34f6ba0485fb27e96145c83c814461f14ebc4c5fc5a3a865f94974abe

Archive (34)

Filename

Md5

File type

7z.dll

3804a90729d2e2339c8e1e5899dfc840

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

7z.exe

096442ee840396e1f33492c3e464169b

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

BinPack.ini

71737f2d7153223e89d104651b96cf01

ASCII text, with CRLF line terminators

BMAConfig.xml

2949fd78843d0eb1679fe9422c328500

XML 1.0 document, ASCII text, with CRLF line terminators

BMAFrame9.dll

fc5c3516b81459899bb974523349d275

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

BMError.ini

5beb1c42f4f1b040890ce10ad960345e

ASCII text, with CRLF line terminators

BMFileType.ini

04d9009d1a0448e2b2d78552a638247c

Generic INItialization configuration [FDL1]

BMPlatform9.dll

947a2aa9ba83752bbaac2bd7805921de

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

BMTimeout.ini

1a4d26057e8f9c0313b9cb8d88bc41b3

Generic INItialization configuration [Interval]

Channel.ini

e890f609e984093f66d4facd171cc10d

Generic INItialization configuration [Settings]

Channel9.dll

1c69f3c9c42565c385dbfa17e4066d1f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

CmdDloader.exe

31e33346710a3e13e502ee0eaf42f5ed

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

CmdDloader.ini

13eab93bc39065d34126b3fcc52e0e0f

ASCII text, with CRLF line terminators

Codec.dll

3ddd550c085c3f7310da65c255ab81cc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Credits.txt

0d214efa1ebef8c18ae64d2ce971ba49

ASCII text, with CRLF line terminators

Download Latest Version.url

ec6ca90ec1744d91b6b63497e309b010

Generic INItialization configuration [InternetShortcut]

Download.url

e85316fd8894e3517f2eac144995bb2b

Generic INItialization configuration [InternetShortcut]

FactoryDownload.exe

b4f8917feb0fff4ce6f2ffe26e3f2e8a

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

FactoryDownload.ini

d8fb93d8f4dd7d2385699457944c192b

Generic INItialization configuration [Selection]

fdl_bkmark.bmp

5f1731c55145d0ab066a7c1febc3e9b2

PC bitmap, Windows 3.x format, 230 x 55 x 32, resolution 2834 x 2834 px/m, cbSize 50656, bits offset 54

How to Use.url

52549c364116c48604f0dc97f6476503

Generic INItialization configuration [InternetShortcut]

iSpLog.dll

6cd1dba68e925d6ceb8b9ec4e8fb315a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

iSpLog.ini

23ceee71fc43f10b24713c1c42e6dfa6

Generic INItialization configuration [Options]

LiveUpdatesDLL.dll

cc2b0edbd232c57c18b6b7f7e5a31492

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LiveUpdatesDLL.ini

45ea13c524102a0a661815104ab1efb0

Generic INItialization configuration [FileList]

MCPType.ini

5df0b73cf62004b32762f901808197a7

Generic INItialization configuration [MCPTypeList]

PhaseCheck.ini

5e499353af8ee3087022c3432a4afa3b

Windows setup INFormation

PortHound.dll

faad38019b339a9f587f0e71b82b4086

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ProcessFlow.dll

d2e3cb578e4db231417684ac4f0134dd

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ProcessFlowSetting.ini

b3ffc8f1362456ea1817e95211480ef3

Generic INItialization configuration [SERVER]

SecBinPack9.dll

4dd4642e694b11e0762cfc4ce0f65416

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Sparce2Raw.dll

30cade7da2e1615011cdbda8288351f4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SprdMes.ini

9125a935ff559690f85acb10a600547c

ASCII text, with CRLF line terminators

SprdMesApp.dll

74b68d5f7739f6ea8d4ff3fadecf8016

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	GET spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip	172.67.223.46	200 OK	9.9 MB
URL User Request GET HTTP/2 spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip IP 172.67.223.46:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectspdflashtool.com Fingerprint6C:07:AA:01:30:B3:F8:9F:27:30:66:7B:AF:1E:40:CF:E5:86:00:1E ValidityMon, 16 Dec 2024 11:35:42 GMT - Sun, 16 Mar 2025 12:34:16 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 9.9 MB (9872626 bytes) Hash 1fa5fb0ae19a60fc415892d1451fd3a8 a0be0784868a1d62050ec8484dd95aefbf961f49 7dcfaac34f6ba0485fb27e96145c83c814461f14ebc4c5fc5a3a865f94974abe HTTP Headers GET /wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip HTTP/1.1 Host: spdflashtool.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 25 Jan 2025 17:40:27 GMT content-type: application/zip content-length: 9872626 etag: "96a4f2-662388c0-c4685;;;" last-modified: Sat, 20 Apr 2024 09:20:00 GMT x-turbo-charged-by: LiteSpeed cache-control: max-age=14400 cf-cache-status: HIT age: 13 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=haJg%2B5XBCSQVw2NDPQ6dk%2BIOYSPOZTGcqqvKeyRnkHQCURfihUIczBnqW5vQIE8w2b1bAaPORFMBwBtMdOzeJ4thPLBeWayrKi16%2B4rcx4NmepfpLHYZTYlIaGdvq%2FHP1mZ1"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding strict-transport-security: max-age=15552000; includeSubDomains; preload x-content-type-options: nosniff server: cloudflare cf-ray: 907a0c65ef350b02-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=500&min_rtt=460&rtt_var=128&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3212&recv_bytes=1154&delivery_rate=7121311&cwnd=253&unsent_bytes=0&cid=cb16d8efab7b82dc&ts=31&x=0" X-Firefox-Spdy: h2

GET spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip

172.67.223.46

200 OK

9.9 MB

URL User Request GET HTTP/2
spdflashtool.com/wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip
IP
172.67.223.46:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectspdflashtool.com
Fingerprint6C:07:AA:01:30:B3:F8:9F:27:30:66:7B:AF:1E:40:CF:E5:86:00:1E
ValidityMon, 16 Dec 2024 11:35:42 GMT - Sun, 16 Mar 2025 12:34:16 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
9.9 MB (9872626 bytes)
Hash
1fa5fb0ae19a60fc415892d1451fd3a8
a0be0784868a1d62050ec8484dd95aefbf961f49
7dcfaac34f6ba0485fb27e96145c83c814461f14ebc4c5fc5a3a865f94974abe

HTTP Headers

GET /wp-content/uploads/SPD_Factory_Tool_R25.20.3901.zip HTTP/1.1
Host: spdflashtool.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Jan 2025 17:40:27 GMT
content-type: application/zip
content-length: 9872626
etag: "96a4f2-662388c0-c4685;;;"
last-modified: Sat, 20 Apr 2024 09:20:00 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 13
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=haJg%2B5XBCSQVw2NDPQ6dk%2BIOYSPOZTGcqqvKeyRnkHQCURfihUIczBnqW5vQIE8w2b1bAaPORFMBwBtMdOzeJ4thPLBeWayrKi16%2B4rcx4NmepfpLHYZTYlIaGdvq%2FHP1mZ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 907a0c65ef350b02-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=500&min_rtt=460&rtt_var=128&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3212&recv_bytes=1154&delivery_rate=7121311&cwnd=253&unsent_bytes=0&cid=cb16d8efab7b82dc&ts=31&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (34)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers