Report - download.winandoffice.com/Volume/office/2024/PT/Office_2024_PT

Report Overview

Visitedpublic

2025-01-14 01:18:20

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
download.winandoffice.com	unknown	2019-10-14	2020-09-11	2025-01-11	527 B	2.9 MB	199.85.209.82

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-14	medium	download.winandoffice.com/Volume/office/2024/PT/Office_2024_PT_64Bits.exe	Detects an SFX archive with automatic script execution

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.winandoffice.com/Volume/office/2024/PT/Office_2024_PT_64Bits.exe

IP / ASN

199.85.209.82

#22612 NAMECHEAP-NET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size2.9 MB (2941216 bytes)

MD54bf723b056ad9203ad0d2c916f33c361

SHA122d61038d3d40c8971ce8220a1b09428dddd80fe

SHA25631a28ad7b513318790cdb875ea8bda8c0b9f4662bc909c06fea27c0c270414da

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution
VirusTotal	suspicious	VirusTotal - Scan result 1/70

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET download.winandoffice.com/Volume/office/2024/PT/Office_2024_PT_64Bits.exe

199.85.209.82

200 OK

2.9 MB

URL

download.winandoffice.com/Volume/office/2024/PT/Office_2024_PT_64Bits.exe

IP / ASN

199.85.209.82

#22612 NAMECHEAP-NET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2025-01-14

Last Seen2025-05-26

Times Seen3

Size2.9 MB (2941216 bytes)

MD54bf723b056ad9203ad0d2c916f33c361

SHA122d61038d3d40c8971ce8220a1b09428dddd80fe

SHA25631a28ad7b513318790cdb875ea8bda8c0b9f4662bc909c06fea27c0c270414da

Certificate Info

IssuerLet's Encrypt

Subjectdownload.winandoffice.com

FingerprintE2:37:6D:0A:B5:D2:60:DF:C6:47:42:24:1A:23:38:7B:CA:7D:D6:E9

ValiditySun, 05 Jan 2025 21:30:48 GMT - Sat, 05 Apr 2025 21:30:47 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution
VirusTotal	suspicious	VirusTotal - Scan result 1/70

HTTP Headers

GET /Volume/office/2024/PT/Office_2024_PT_64Bits.exe HTTP/1.1
Host: download.winandoffice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jan 2025 01:17:55 GMT
Content-Type: application/octet-stream
Content-Length: 2941216
Last-Modified: Sat, 28 Sep 2024 18:42:54 GMT
Connection: keep-alive
ETag: "66f84e2e-2ce120"
Accept-Ranges: bytes