Report - 01xitong.com/xiazai/xiaobai-3-v140.exe

Report Overview

Visitedpublic

2025-04-24 16:50:37

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
01xitong.com	unknown	unknown	No data	No data	506 B	2.3 MB	175.6.201.25
www.01xitong.com	unknown	unknown	No data	No data	510 B	2.3 MB	111.7.103.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-24	medium	www.01xitong.com/xiazai/xiaobai-3-v140.exe	Detect pe file that no import table

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.01xitong.com/xiazai/xiaobai-3-v140.exe

IP / ASN

111.7.103.12

#9808 China Mobile Communications Group Co., Ltd.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size2.3 MB (2260510 bytes)

MD51794a388b911ca6ff04d9c01f5193519

SHA160b4da5aec5a3f5ba44fb24d353c8e416d123928

SHA25650f8faef542b57c4b782ec9329dacf8728d7855a4e93520034a433355e2ff3e8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET 01xitong.com/xiazai/xiaobai-3-v140.exe

175.6.201.25

301 Moved Permanently

2.3 MB

URL User Request GET HTTPS

01xitong.com/xiazai/xiaobai-3-v140.exe

IP / ASN

175.6.201.25

#63838 Hengyang

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-10

Times Seen5753553

Size2.3 MB (2260510 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerTrustAsia Technologies, Inc.

Subject01xitong.com

FingerprintDF:CC:55:BE:EE:05:07:48:5E:6A:09:CA:10:98:34:76:DF:7A:41:48

ValidityTue, 04 Mar 2025 00:00:00 GMT - Mon, 02 Jun 2025 23:59:59 GMT

HTTP Headers

GET /xiazai/xiaobai-3-v140.exe HTTP/1.1
Host: 01xitong.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: Byte-nginx
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Date: Thu, 24 Apr 2025 16:50:06 GMT
Location: https://www.01xitong.com/xiazai/xiaobai-3-v140.exe
Via: cache58.yzmp,cache07.hyct
X-Bdcdn-Cache-Status: TCP_MISS,TCP_MISS
X-Request-Id: a28365080d91e695321afbfda33c90ab
X-Request-Ip: 91.90.42.154
X-Response-Cache: miss
X-Response-Cinfo: 91.90.42.154
X-Tt-Trace-Tag: id=5

GET www.01xitong.com/xiazai/xiaobai-3-v140.exe

111.7.103.12

200 OK

2.3 MB

URL User Request GET HTTPS

www.01xitong.com/xiazai/xiaobai-3-v140.exe

IP / ASN

111.7.103.12

#9808 China Mobile Communications Group Co., Ltd.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2025-04-24

Last Seen2025-04-24

Times Seen1

Size2.3 MB (2260510 bytes)

MD51794a388b911ca6ff04d9c01f5193519

SHA160b4da5aec5a3f5ba44fb24d353c8e416d123928

SHA25650f8faef542b57c4b782ec9329dacf8728d7855a4e93520034a433355e2ff3e8

Certificate Info

IssuerTrustAsia Technologies, Inc.

Subjectwww.01xitong.com

Fingerprint1E:F6:5E:D7:EF:0A:06:06:A6:66:F2:AD:D0:20:16:F1:D5:F1:63:E0

ValidityTue, 04 Mar 2025 00:00:00 GMT - Mon, 02 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

HTTP Headers

GET /xiazai/xiaobai-3-v140.exe HTTP/1.1
Host: www.01xitong.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: application/octet-stream
Content-Length: 34181120
Connection: keep-alive
Accept-Ranges: bytes
Age: 42393
Etag: "68031bd1-2099000"
Last-Modified: Sat, 19 Apr 2025 03:43:13 GMT
X-Bdcdn-Cache-Status: TCP_HIT
X-Request-Id: bab043e505716b4cbfb414722a29168d
X-Request-Ip: 91.90.42.154
X-Response-Cache: edge_hit
X-Response-Cinfo: 91.90.42.154
X-Tt-Trace-Tag: id=5
Date: Thu, 24 Apr 2025 16:50:08 GMT
via: cache26.zzcm13