Report - d1.udashi.com/soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7

Report Overview

Visitedpublic

2024-02-08 12:25:26

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
d1.udashi.com	unknown	2012-07-30	2016-03-30 20:11:50	2024-02-07 15:32:56	489 B	1.7 MB	61.243.13.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-02-08 12:25:04	high	61.243.13.103	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2024-02-08 12:25:04	low	61.243.13.103	Client IP	ET INFO EXE - Served Attached HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-02-08	medium	d1.udashi.com/soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe	meth_get_eip

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

d1.udashi.com/soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe

IP / ASN

61.243.13.103

#4837 CHINA UNICOM China169 Backbone

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size1.7 MB (1724416 bytes)

MD531ad360b106bdc1e2e55073f1412fac4

SHA1a67c373f3f6a4c03e2e018c3ae5065e8f8a041d9

SHA25625914a593caf810eb419371a0510b45ada39a19f34c3a2e96cfc87e4df555375

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	malicious	VirusTotal - Scan result 57/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET d1.udashi.com/soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe

61.243.13.103

200 OK

1.7 MB

URL

d1.udashi.com/soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe

IP / ASN

61.243.13.103

#4837 CHINA UNICOM China169 Backbone

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2023-04-08

Last Seen2024-08-21

Times Seen141

Size1.7 MB (1724416 bytes)

MD531ad360b106bdc1e2e55073f1412fac4

SHA1a67c373f3f6a4c03e2e018c3ae5065e8f8a041d9

SHA25625914a593caf810eb419371a0510b45ada39a19f34c3a2e96cfc87e4df555375

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	malicious	VirusTotal - Scan result 57/72
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	low	ET INFO EXE - Served Attached HTTP

HTTP Headers

GET /soft/xzgj/3839/%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe HTTP/1.1
Host: d1.udashi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Last-Modified: Wed, 30 Nov 2016 10:12:22 GMT
Etag: a67c373f3f6a4c03e2e018c3ae5065e8f8a041d9
Content-Type: application/x-msdownload
Content-Disposition: attachment; filename*="UTF-8''%E6%85%95%E8%AF%BE%E7%BD%91%E8%A7%86%E9%A2%91%E8%A7%A3%E6%9E%90%E5%B7%A5%E5%85%B7_2015.exe"
Content-Length: 1724416
Accept-Ranges: bytes
X-NWS-LOG-UUID: 10517049927572415466
Connection: keep-alive
Server: Lego Server
Date: Thu, 08 Feb 2024 12:25:03 GMT
X-Cache-Lookup: Cache Hit