Report Overview

  1. Visited (public): 2024-03-30 08:59:42
  2. URL: computers-lab.ru/files/winUSB.zip
  3. Finishing URL: about:privatebrowsing
  4. IP / ASN: 45.130.41.29 / #198610 Beget LLC

    Title: about:privatebrowsing

Detections
urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 29

Domain Summary

Domain / FQDN      Rank      Registered   First Seen            Last Seen
computers-lab.ru   unknown   2011-02-06   2012-07-12 09:29:08   2024-02-16 00:36:21

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

    URL: computers-lab.ru/files/winUSB.zip
    IP: 45.130.41.29
    ASN: #198610 Beget LLC

    File type: Zip archive data, at least v2.0 to extract, compression method=store
    Size: 5.9 MB (5882759 bytes)

    Hash:
    30e188e1749116c19426124f5d139ba8
    a281da2c5b3155900c85e39aba470fcd0830e0ab

    Archive (131)

    Filename, Md5, File type (one field per line)
    bootlace.com
    d81e75a4c9efec40d63aa3b5a597c19d
    ELF 32-bit
    1.lst
    34307d5e7f76473164708d2fff36cb8f
    ASCII text, with CRLF line terminators
    10.lst
    176fadf821922588c64070e73c010231
    ASCII text, with CRLF line terminators
    2.lst
    b4909741ec4c21050a55fa5d73566615
    ASCII text, with CRLF line terminators
    3.lst
    75725e2d48e5d090a8c6dab82b3dfb34
    ASCII text, with CRLF line terminators
    4.lst
    5a3407012e7e7ba581b04169c1f01f17
    ASCII text, with CRLF line terminators
    5.lst
    55f8a576c06f40c46c92aa2b7b7be22b
    ASCII text, with CRLF line terminators
    6.lst
    afdd4f3e8fd92fb9bc03b228ad334dc2
    ASCII text, with CRLF line terminators
    7.lst
    c8ca97c5dfd096eeb3230b2d7f4733af
    ASCII text, with CRLF line terminators
    8.lst
    78f75c8028e28a0f767621f9edc960c0
    ASCII text, with CRLF line terminators
    9.lst
    52c9ca79d0fcf7b0251bdd5417628e8e
    ASCII text, with CRLF line terminators
    fd.lst
    daf86a1b3ed1baacb6de792144726f23
    ASCII text, with CRLF line terminators
    ChangeLog_chenall.txt
    d099099b30d816e81f9f901d28b738d9
    Unicode text, UTF-8 text, with CRLF line terminators
    ChangeLog_GRUB4DOS.txt
    fc7e6c450354a678dde27b84095e30a3
    ASCII text, with CRLF line terminators
    default
    344216a3d5b7ca4931468c46d2c91988
    data
    fbinst.exe
    fe7dfb59807db9b5f73449ea782a32a3
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    grldr
    754179e6628c4ce6ddd98113eb53ebe2
    DOS executable (COM), start instruction 0xeb3e8005 2039ffff
    grldr-0-4-4
    fcec9e82177c23864a91d896aef261df
    DOS executable (COM), start instruction 0xeb3e8005 2039ffff
    grldr.mbr
    e7d4851a3578fcc656d0195f43651b0e
    DOS/MBR boot sector
    grub.exe
    8ae36a230b97f775096811e8e5d73af9
    Linux kernel x86 boot executable bzImage, version 2.6.13.1 (mdv@localhost) #1 Tue Sep 13 18:18:41 CST 2005, RO-rootFS, Normal VGA
    grubinst.exe
    72046f7aece80c67622cd97a27c89edd
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    grubinst_gui.exe
    266d81485e237c8dbf09a5176b15ab25
    PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections
    grubinst_switches.txt
    de88c9cd8573fc10ed0a5631532d1b68
    ASCII text, with CRLF, LF line terminators
    menu.lst
    7678376c039175fba9686b8fd22f5cde
    ASCII text, with CRLF line terminators
    README_GRUB4DOS.txt
    a274cb4846eb0965c4264a98efb42167
    ASCII text, with CRLF line terminators
    readme_grubinst.txt
    0c3ec9e45310c8cdf9bbfbc6291b7eac
    ASCII text, with CRLF line terminators
    touchdrv.exe
    01d33d5c6fe767e70ecd51fdf3fe878a
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    ubcd4win.lst
    04361b29d12f5faae35ad48cad3c4b85
    ASCII text, with CRLF line terminators
    usbdrive.tag
    d41d8cd98f00b204e9800998ecf8427e
    windefault
    344216a3d5b7ca4931468c46d2c91988
    data
    winsetup.lst
    8dfe7d1a49847cbcc68508950bae87cf
    ASCII text, with CRLF line terminators
    doNOTuseOnX64systems
    d41d8cd98f00b204e9800998ecf8427e
    DRVLOAD.EXE
    c99a49215382177c560bd20327c7ffef
    PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
    DRVLOAD.txt
    1187899c466791ca132e0e9f62e1c7d4
    ASCII text, with CRLF line terminators
    dummydisk.sys
    ee113269e49378710c96c5d1a6a3b438
    PE32 executable (native) Intel 80386, for MS Windows, 5 sections
    InstallStartDummyDisk.cmd
    ace20f78894ae408d2eedf2036cc0e46
    ASCII text, with CRLF line terminators
    StopRemoveDummyDisk.cmd
    a5d84d2c2dcc02b146dfad020790c1c6
    ASCII text, with CRLF line terminators
    bios.bin
    44f7cd8f0dbac51baf35f5b4b4073d0f
    data
    fmod.dll
    b8d0cce2ca1cc850c8c6f25a70d855e6
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    ar
    348102c7b22ab019db070bbe4782c058
    ASCII text
    common
    119caeda61e0a7e48fd8c40a1ecf3f22
    ASCII text
    da
    bd8fce58db92e610e58f6db28e983803
    ASCII text
    de
    51a2b743c26719582d0e6a544d440651
    ASCII text
    de-ch
    c1cd5c0fec0042556bbbc5679b9b6a0e
    ASCII text
    en-gb
    3b25265e9841f6496ecdf0e8de52dda6
    ASCII text
    en-us
    cfb9f43071f8043fabdcb510cc03823d
    ASCII text
    es
    e3a53dc94314db592b2a58e3f0421219
    ASCII text
    et
    c4c45dd30156cfa034e553afb59c260f
    ASCII text
    fi
    befdb7f17787df2c71fea6b594264665
    ASCII text
    fo
    d0c2b85190088a0e9f216a66fc9a836c
    ASCII text
    fr
    9f4cfcea9bcda36dcc3798d6b36c763a
    ASCII text
    fr-be
    7ed395e3727f40040edd7500f6ba3ab9
    ASCII text
    fr-ca
    d7efb654d7716155a03f5ef7e3de8974
    ASCII text
    fr-ch
    f263af30b77214bd31075a8eab0c4d8a
    ASCII text
    hr
    6c6e3d5ab3d790bbf69f7b45f128c82d
    ASCII text
    hu
    f7b983dfbea84fc572dd4d5b4b4761f6
    ASCII text
    is
    ff70d9dde291643cf3df24752c5a1cf2
    ISO-8859 text
    it
    01309cbea6c8a9f9e8b73b3ea6279693
    ASCII text
    ja
    92ed969bde477ed77b7de93566d990d8
    ASCII text
    lt
    8ae26ec163397324edd9daf4ae0e3fc3
    ASCII text
    lv
    1def2f650c3907928c9f8b435ea773e0
    ASCII text
    mk
    2f32fb94d8d6152fd93cdf6a7beda64e
    ASCII text
    modifiers
    20e46528eb0efded14e390db5e08bceb
    ASCII text
    nl
    9f48db9c42d503ec2b2761437f857dfa
    ASCII text
    nl-be
    b667baa4c0743fe1cadba6d090b2cd83
    ASCII text
    no
    01b3a19042cee7418ddf9d6a76d3e7a7
    ASCII text
    pl
    afc7b8dfcc0a58352fb7cc0c741fdfe7
    ASCII text
    pt
    992f51605dab5cfea7edebe70fe3e691
    ASCII text
    pt-br
    b5f7190ba8b16d437447db719f2dc73f
    ASCII text
    ru
    d67dbf445ded048e9d231ca8e845fc13
    ASCII text
    sl
    dc7d7dc1ecb55c119f61a5fd52b6de39
    ASCII text
    sv
    ed2f7b52f81bd5fedd923f0737b139f7
    ASCII text
    th
    140fdef82ae4079d600136da3f8288df
    ASCII text
    tr
    9d03bb64b58e924ed1baa22de63cbab7
    ASCII text
    libusb0.dll
    b290325425b4004da6ac2e4ccd8b9f72
    PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
    LICENSE
    b2bbb258ed2f33eb468aa2eb4c5adb3b
    ASCII text
    README-SDL.txt
    13911ca3c926fc64780f9b8b7777a322
    ASCII text
    README.TXT
    0e045f530a0b0655f857fee1a20fa14e
    ISO-8859 text, with CRLF line terminators
    qemu-system-x86_64.exe
    2747247fe2dbc93d07dbf5d292b926fa
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    qemu-x86_64.bat
    63b0fbc95ccc40dc0524c72b66b84bb6
    ASCII text, with CRLF line terminators
    README-en.txt
    2e8017f838bdca18874eac4fe51b803e
    ASCII text, with CRLF line terminators
    SDL.dll
    31d86c35370d215a8ed12279cdccc88f
    PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
    StartFromUSB.bat
    2533d1f774ab64dd23ff28a8322fd512
    ASCII text, with no line terminators
    test.img
    cdc3658738b32c591e8ab49586697dfa
    DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "MSDOS5.0", reserved sectors 4, root entries 512, sectors 1953 (volumes <=32 MB), Media descriptor 0xf8, sectors/FAT 6, sectors/track 63, heads 1, hidden sectors 1, serial number 0xf0052436, unlabeled, FAT (12 bit)
    vgabios-cirrus.bin
    c9c90eb336f1ea1402a99c0e2993b1c3
    BIOS (ia32) ROM Ext. IBM comp. Video (69*512) jmp 0x00ed
    vgabios.bin
    5773c09d18c8196ad41ffc26837010b8
    BIOS (ia32) ROM Ext. IBM comp. Video (74*512) jmp 0x00ed
    syslinux.exe
    8d577529fcffadd0c70219b96f5488ae
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    syslinux_old.exe
    c1af92c7ec8bae703d57286d7244c703
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    Thumbs.db
    4c0b1e30b71d685f512c357a08b5b613
    Composite Document File V2 Document, Cannot read section info
    BOOTICE.EXE
    a435dd9e89041c33a2e167fa955ac0c4
    PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
    BOOTICE_0.75.EXE
    c711472fe435696af0ea504f1132aac4
    PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
    cygwin1.dll
    af9801d354c3aed2a14034d7da2a949c
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 12 sections
    DFHL.exe
    5dd0ce747bcb9c54901d22b37b156736
    PE32 executable (console) Intel 80386, for MS Windows, 4 sections
    DFHLlicense.txt
    eb723b61539feef013de476e68b5c50a
    ASCII text
    HDHacker.exe
    a032148c6cf693739069d4aa380d0c6f
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    HPUSBFW.EXE
    42dfbeee4823e5e01ccb869333ae8d5e
    PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
    mkisofs.exe
    4774cd8145089bb1b9b3f27aa5d7ba7d
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    MSVBVM60.DLL
    f28eb5cbc3ca6d8c787f09f047d1f9c8
    PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    PeToUSB.exe
    0eda5fc6747e3a2fa128a791137186e0
    PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
    PeToUSB.ini
    c620a4a91ee6e5f017066d4b55fc05ce
    ASCII text, with very long lines (697), with CRLF line terminators
    plpbt.bin
    2f9c97e5f66714a677d3bc6c6faf6436
    Linux kernel x86 boot executable zImage, RW-rootFS,
    Readme_RMPrepUSB.txt
    6adf65a379790840a5866fa5fa746c8b
    ASCII text, with CRLF line terminators
    RMBootSect.txt
    acf914e8b3b659d5cd06e4cf309344df
    ASCII text, with CRLF line terminators
    RMPARTUSB.exe
    245098c4374120785a24868fcd81ce11
    PE32 executable (console) Intel 80386, for MS Windows, 3 sections
    RMPARTUSB.exe.manifest
    905729481037d2a6c2da34df570d381b
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    RMPartUSB.txt
    a7e38ef77bad89701c16ec4154f0fcda
    ASCII text, with CRLF line terminators
    RMPrepUSB and RM Connect.pdf
    e06d49151ddcb7383f8f048bdb7259b7
    PDF document, version 1.4, 6 pages
    RMPREPUSB.exe
    440776b7ad0051c636138a1624dd15cd
    PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
    RMPREPUSB.exe.manifest
    af06eb778202a5a8ff25091ca480f160
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    RMPrepUSB.pdf
    194cec6405dbfacac064155d9e3dc1df
    PDF document, version 1.4, 13 pages
    sync.exe
    2c2adea7e93e689806a9a32059d7f641
    PE32 executable (console) Intel 80386, for MS Windows, 4 sections
    SyncEula.txt
    d22ff2cc70fa2eec94aaa6c6f49e6eb0
    Non-ISO extended-ASCII text, with very long lines (518), with CRLF line terminators
    mkisofs.exe
    4774cd8145089bb1b9b3f27aa5d7ba7d
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections
    MNT.EXE
    949a7f297f35d3c067352b9b47f7cca2
    PE32 executable (console) Intel 80386, for MS Windows, 6 sections
    setup.ex_
    6b15595359a3f5ce67e69d8ebd3c411d
    Microsoft Cabinet archive data, Windows 2000/XP setup, 4635 bytes, 1 file, at 0x2c last modified Sun, Dec 05 2009 19:38:36 +A "setup.exe", number 1, 1 datablock, 0x1 compression
    setup_dbg.ex_
    612df3c2ab73ed6a3b66f67b89b312d2
    Microsoft Cabinet archive data, Windows 2000/XP setup, 4640 bytes, 1 file, at 0x2c last modified Sun, Dec 05 2009 19:38:36 +A "setup_dbg.exe", number 1, 1 datablock, 0x1 compression
    setup.ex_
    c169f9c6f08fd57f71c8d8b5e64b3dd3
    Microsoft Cabinet archive data, Windows 2000/XP setup, 2501 bytes, 1 file, at 0x2c last modified Sun, Dec 05 2009 19:38:50 +A "setup.exe", number 1, 1 datablock, 0x1 compression
    setup_dbg.ex_
    b2457f9b4f047a1d45a3569a27762218
    Microsoft Cabinet archive data, Windows 2000/XP setup, 2505 bytes, 1 file, at 0x2c last modified Sun, Dec 05 2009 19:38:50 +A "setup_dbg.exe", number 1, 1 datablock, 0x1 compression
    setup.c
    a128c6a2cfd16b531ea9d7bb24a9f0d8
    C source, ASCII text, with CRLF line terminators
    setup.cmd
    dee54fa01d4eaae2560610ae42e8c158
    ASCII text, with CRLF line terminators
    SETUP.EX_
    36d2b4890355c96d9d0d8766d8ada5d4
    Microsoft Cabinet archive data, Windows 2000/XP setup, 13614 bytes, 1 file, at 0x2c last modified Sun, Feb 25 2005 21:31:12 +A "setup.exe", number 1, 1 datablock, 0x1203 compression
    UsbBootW.exe
    30e0a58917b500adf9864aad392c04bd
    PE32+ executable (console) x86-64, for MS Windows, 6 sections
    UsbBootW.exe
    1b0c6a1cfd18eec651324bd9b6546222
    PE32 executable (console) Intel 80386, for MS Windows, 5 sections
    readme.txt
    6431d1fcb8db31feb83588fc923e3762
    ASCII text, with CRLF line terminators
    UsbBootW.conf
    7e026028117e807ea1dd6469766dc50b
    Generic INItialization configuration [usbohci]
    WinSetupFromUSB_1-0-beta6.exe
    731a7b4f248964d0e81f56672ac136fd
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    MENU.LST
    ce2d6208b079dc06e757b39d146406a2
    ASCII text, with CRLF line terminators
    splash.xpm.gz
    01058fa9b5b7013bcddba22bd8a80577
    gzip compressed data, from NTFS filesystem (NT)
    XPpSP3.ISO
    056b79cb4ceb39da2e1265dcb000aba5
    ISO 9660 CD-ROM filesystem data 'WINSETUP'
    SETUPLD1.BIN
    b50e4a40b2e964990e82097e8523ceca
    DOS executable (COM), start instruction 0xe9d501eb 04900000
    SETUPLDR.BIN
    4b614ec0d41947b17270be83df6e2c3f
    DOS executable (COM), start instruction 0xe9d501eb 04900000

    Detections

    Analyzer              Verdict     Alert
    YARAhub by abuse.ch   malware     meth_stackstrings
    YARAhub by abuse.ch   malware     meth_stackstrings
    YARAhub by abuse.ch   malware     meth_stackstrings
    YARAhub by abuse.ch   malware     meth_get_eip
    VirusTotal            malicious

JavaScript (0)

HTTP Transactions (1)

URL                                 IP             Response   Size
computers-lab.ru/files/winUSB.zip   45.130.41.29   200 OK     5.9 MB