Report - github.com/CoolCmd/TestMem5/releases/download/v0.13.1/TestMem5.7z

Report Overview

Visited public
2025-05-12 20:17:37
Tags
URL
github.com/CoolCmd/TestMem5/releases/download/v0.13.1/TestMem5.7z
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2025-05-07	533 B	43 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-05-07	968 B	39 kB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/801486332/0c017eee-dfeb-480f-bc8a-09b101d9853e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250512%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250512T201705Z&X-Amz-Expires=300&X-Amz-Signature=8a2e2cd53ca985c760ac25465836466dfbefe469e4c4ebcd7ff710def7a844de&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTestMem5.7z&response-content-type=application%2Foctet-stream
IP
185.199.109.133
ASN
#54113 FASTLY

File type
7-zip archive data, version 0.4
Size
38 kB (38235 bytes)
Hash
33b12c4e826bb552b0cfd71278960f42
bb10622f460e4c57a3f0c9c459f8bc0f5b1f4903
05ffb5bbaa0c2243bf25664049c7aa3615a77bd5036497ef845fc8ed50128c12

Archive (13)

Filename

Md5

File type

1usmus v3 @ 1usmus.cfg

efac6f62ab869f8a9d11d22e230aa3b2

ASCII text, with CRLF line terminators

Absolut @ anta777.cfg

532a4426416e24e8c58990ac58b6a614

ASCII text, with CRLF line terminators

DDR5 Intel @ anta777.cfg

dae7870e5a4546a8525e470e331a48f9

ASCII text, with CRLF line terminators

DDR5 Ryzen3D @ anta777.cfg

51fb4fe16c0c0a1fd7bd9a132b9b567c

ASCII text, with CRLF line terminators

Default @ serj.cfg

23720a6606bb5ad3236b703d128c557f

ASCII text, with CRLF line terminators

Extreme @ anta777.cfg

5be9357e52d53ade4c444614a87b1a85

ASCII text, with CRLF line terminators

Heavy @ anta777.cfg

b837a509f9fbf073f4c30436e05c3359

ASCII text, with CRLF line terminators

Super Light 2 @ anta777.cfg

b3c9ccbb03020370ee87ccfcb4ae4a33

ASCII text, with CRLF line terminators

Universal 2 @ LMhz.cfg

05391c4412b3a1fc030ac73dc9f589c8

ASCII text, with CRLF line terminators

TestMem5.url

4348a8e61f1de218b07d1cae7928658a

MS Windows 95 Internet shortcut text (URL=<https://github.com/CoolCmd/TestMem5>), ASCII text, with CRLF line terminators

MT0.dll

fee481bfa083210b39d622fc8f2c5b08

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

TM5.dll

41b370234d162d49fb3b9e289ad5a6f3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

TM5.exe

8318780c1e4ca4e9d903cdd06947b910

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
VirusTotal	suspicious	VirusTotal - Scan result 5/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/CoolCmd/TestMem5/releases/download/v0.13.1/TestMem5.7z

140.82.121.3

302 Found

38 kB

URL User Request GET
github.com/CoolCmd/TestMem5/releases/download/v0.13.1/TestMem5.7z
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
38 kB (38235 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /CoolCmd/TestMem5/releases/download/v0.13.1/TestMem5.7z HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 12 May 2025 20:17:05 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/801486332/0c017eee-dfeb-480f-bc8a-09b101d9853e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250512%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250512T201705Z&X-Amz-Expires=300&X-Amz-Signature=8a2e2cd53ca985c760ac25465836466dfbefe469e4c4ebcd7ff710def7a844de&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTestMem5.7z&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 1C40:1B1B9B:C5DF4:CBD36:68225740
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/801486332/0c017eee-dfeb-480f-bc8a-09b101d9853e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250512%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250512T201705Z&X-Amz-Expires=300&X-Amz-Signature=8a2e2cd53ca985c760ac25465836466dfbefe469e4c4ebcd7ff710def7a844de&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTestMem5.7z&response-content-type=application%2Foctet-stream

185.199.109.133

200 OK

38 kB

URL User Request GET
objects.githubusercontent.com/github-production-release-asset-2e65be/801486332/0c017eee-dfeb-480f-bc8a-09b101d9853e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250512%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250512T201705Z&X-Amz-Expires=300&X-Amz-Signature=8a2e2cd53ca985c760ac25465836466dfbefe469e4c4ebcd7ff710def7a844de&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTestMem5.7z&response-content-type=application%2Foctet-stream
IP
185.199.109.133:443
ASN
#54113 FASTLY

Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
7-zip archive data, version 0.4
Size
38 kB (38235 bytes)
Hash
33b12c4e826bb552b0cfd71278960f42
bb10622f460e4c57a3f0c9c459f8bc0f5b1f4903
05ffb5bbaa0c2243bf25664049c7aa3615a77bd5036497ef845fc8ed50128c12

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/63

HTTP Headers

GET /github-production-release-asset-2e65be/801486332/0c017eee-dfeb-480f-bc8a-09b101d9853e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250512%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250512T201705Z&X-Amz-Expires=300&X-Amz-Signature=8a2e2cd53ca985c760ac25465836466dfbefe469e4c4ebcd7ff710def7a844de&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTestMem5.7z&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 09 Jul 2024 16:37:29 GMT
etag: "0x8DCA0356C460E0A"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c0d61ba5-e01e-006f-5420-13eba6000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 09 Jul 2024 16:37:29 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=TestMem5.7z
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Mon, 12 May 2025 20:17:05 GMT
age: 6076
x-served-by: cache-iad-kiad7000028-IAD, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 1087, 1
x-timer: S1747081025.263875,VS0,VE2
content-length: 38235
X-Firefox-Spdy: h2