Report - files.softpaz.com/software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip

Report Overview

Visited public
2025-05-06 02:58:12
Tags
URL
files.softpaz.com/software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip
Finishing URL
about:privatebrowsing
IP / ASN
144.76.184.2
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
files.softpaz.com	unknown	unknown	No data	No data	553 B	79 kB	144.76.184.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
files.softpaz.com/software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip
IP
144.76.184.2
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
78 kB (78208 bytes)
Hash
b5dea5c91451621fe1af1c7e5d571b27
4dd1282484a8866e5daf51a629ff942beedab9b2
3b74669eca5593e1877912ebb69fc528fb2b2f3e7c645b17b508d67fac380d1b

Archive (17)

Filename

Md5

File type

dsfi.exe

ac6452d574385b83841428f3acec5160

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

rsz.exe

68c05d18ab28a737eae68ee29d6143e1

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

fsz.exe

809b77937d06dad8e4dc40288e2b72c3

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

esd.exe

86c225b75bceadb782cd8da00da6275a

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

dsfo.exe

f3893a14cdac3abf90cd05ecfc190886

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

Flip_nfo.txt

8d3fc5eb91b25f574cd1765104d0b290

ASCII text, with CRLF line terminators

Flip.exe

97b95e7b2ac564c05376108562336d2e

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

dsmask.exe

008650208aaf2d3db85eeed3bcaff93e

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

dsbind.exe

6b268291b2927bb530089758416085c1

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

readme.txt

2820ee40a941a149ec24fdd6b370e09c

ASCII text, with CRLF line terminators

DOS Prompt Here NT.inf

ccec9b2883f8d797f6368feae3d1431f

Windows setup INFormation

vlm.exe

c12a0d91303d7f7fed7b1530498f818e

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

dsfo.exe

4501498415fcd972511d59c94255694e

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

flip.exe

90753210eecaee62344c712608a53705

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

msk.exe

c30d614677541d0dfe8706f36a9f3e3f

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

eds.exe

ee8fe85a11cd9354f3a28494ab4f3a22

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

xdl.exe

a88d53bb7042d7ceb6b7beb954d0be72

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects an XORed URL in an executable
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects an XORed URL in an executable
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects an XORed URL in an executable
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	suspicious	VirusTotal - Scan result 7/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

files.softpaz.com/software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip

144.76.184.2

200 OK

78 kB

URL User Request GET
files.softpaz.com/software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip
IP
144.76.184.2:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectfiles.softpaz.com
FingerprintF1:05:1F:28:00:F4:D1:DB:66:6E:8D:FD:48:66:1E:57:D4:1C:90:E5
ValidityWed, 26 Feb 2025 11:57:02 GMT - Tue, 27 May 2025 11:57:01 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
78 kB (78208 bytes)
Hash
b5dea5c91451621fe1af1c7e5d571b27
4dd1282484a8866e5daf51a629ff942beedab9b2
3b74669eca5593e1877912ebb69fc528fb2b2f3e7c645b17b508d67fac380d1b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/67

HTTP Headers

GET /software/dsfok-dariusz-stanislawek/32/dsfok-dariusz-stanislawek.zip HTTP/1.1
Host: files.softpaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-disposition: attachment; filename="dsfok-dariusz-stanislawek.zip"
etag: "13180-58a7bec5-809013e;;;"
last-modified: Sat, 18 Feb 2017 03:25:57 GMT
content-type: application/zip
content-length: 78208
accept-ranges: bytes
date: Tue, 06 May 2025 02:57:40 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (17)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers