Report - reqrypt.org/download/WinDivert-2.2.2-A.zip

Report Overview

Visited public
2024-02-21 08:33:43
Tags
URL
reqrypt.org/download/WinDivert-2.2.2-A.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.5.43
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
reqrypt.org	unknown	2010-12-16	2013-11-30 04:35:23	2024-02-11 01:12:47	496 B	406 kB	104.21.5.43

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
reqrypt.org/download/WinDivert-2.2.2-A.zip
IP
104.21.5.43
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
405 kB (405137 bytes)
Hash
61198c660fd46657ea6d1657515b3505
074f75d98f8d2fd2ce71e3cf5257b09182f59d36
63cb41763bb4b20f600b6de04e991a9c2be73279e317d4d82f237b150c5f3f15

Archive (31)

Filename

Md5

File type

README

eab72c3ecd782b3d4bffb52d330f911b

ASCII text

windivert.h

35b5cd3b17b74a42794ae8e225a3f0aa

C source, ASCII text

VERSION

02fdf3f1762145f951adfd96fe659271

ASCII text

netdump.exe

7836f4756f1032e388f3896ea7beaf2a

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

windivertctl.exe

f883b97640e6b33febbbfb0ff94ecfd0

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

WinDivert64.sys

89ed5be7ea83c01d0de33d3519944aa5

PE32+ executable (native) x86-64, for MS Windows, 8 sections

passthru.exe

5eec715dd8c1a9c3e320ded11ed17b8d

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

test.exe

52525cb63add9ce69335f7d959a36d8c

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

socketdump.exe

dd375ee80beef096463aa99b8e8e47ed

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

streamdump.exe

5c488a7e05680a85dac8c94c2e2267f4

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

netfilter.exe

61936a989c535a2e6b859a48341e9bcf

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

webfilter.exe

cee7942f83c9a7c859fe11ffd485c70d

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

WinDivert.dll

387b5f1334fe717221295b18203cd70c

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

flowtrack.exe

5df4e7a1eed42ec6d327b700793d3ef7

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

WinDivert.lib

5dd0c88eb9fe0090b257aed5b98771af

current ar archive

WinDivert32.sys

451ec31152318d1249f41aed387dd262

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

WinDivert.html

d76c2fae3ffdf9cda0b1e225cc4bb85d

HTML document, ASCII text

LICENSE

bbd7a5894dfb29429e01764c2b3e6265

ASCII text

netdump.exe

fd94c5951c30518fa5b0a7ac3ec9ebba

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

windivertctl.exe

3d852c90b9cdc17e82e2787a9dd8af83

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

WinDivert64.sys

89ed5be7ea83c01d0de33d3519944aa5

PE32+ executable (native) x86-64, for MS Windows, 8 sections

passthru.exe

804079e2862ac068052e648d9568cdc8

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

test.exe

4525b1bec4190e392b94ce714ed593c4

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

socketdump.exe

b21a1d6821b1607befaf849801bc93ed

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

streamdump.exe

aa8d50fdb242248fa0cce85409010d21

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

netfilter.exe

7d920f868f55511c79d57be18fb87e40

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

webfilter.exe

d72c445d4aaa51639394fd5b23f429b4

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

WinDivert.dll

b2014d33ee645112d5dc16fe9d9fcbff

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

flowtrack.exe

eeb5920d5a9fa3c365d22b14d508f290

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

WinDivert.lib

5fe307f87206e2f05c5bde29e418badb

current ar archive

CHANGELOG

1b148008658f014a89e15a5cbc727128

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
VirusTotal	suspicious	VirusTotal - Scan result 8/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

reqrypt.org/download/WinDivert-2.2.2-A.zip

104.21.5.43

200 OK

405 kB

URL User Request GET HTTP/2
reqrypt.org/download/WinDivert-2.2.2-A.zip
IP
104.21.5.43:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectreqrypt.org
Fingerprint5E:BB:14:07:08:F6:6A:B0:F8:A7:96:E6:D1:DD:5A:8D:FD:E0:4B:0D
ValidityWed, 03 Jan 2024 12:24:54 GMT - Tue, 02 Apr 2024 12:24:53 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
405 kB (405137 bytes)
Hash
61198c660fd46657ea6d1657515b3505
074f75d98f8d2fd2ce71e3cf5257b09182f59d36
63cb41763bb4b20f600b6de04e991a9c2be73279e317d4d82f237b150c5f3f15

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 8/64

HTTP Headers

GET /download/WinDivert-2.2.2-A.zip HTTP/1.1
Host: reqrypt.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 21 Feb 2024 08:33:17 GMT
content-type: application/zip
content-length: 405137
etag: "2137030036"
last-modified: Tue, 20 Sep 2022 23:42:31 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjrRRi3YRJ52eKZBmvByO0IdvRG1SdwYhAD8B%2FSpZ1Nhh1r2gFnsB26KJ4CUDDu5Th%2B4HvYjZ5RR3jehH5kv7Sl6TEQtpmhc9d1ukvn7rVX%2BePsopB6cDViq%2Ff0oQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 858da4c07a03b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2