Report - opencourse.kr/content/files/2024/05/pppwn-GUI-1.7.zip

Report Overview

Visitedpublic

2024-06-04 16:42:11

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
opencourse.kr	unknown	2023-01-18	2023-01-18 22:54:06	2024-04-13 10:21:36	507 B	16 MB	104.21.94.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

opencourse.kr/content/files/2024/05/pppwn-GUI-1.7.zip

IP / ASN

104.21.94.3

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=store

Size16 MB (15653618 bytes)

MD5e254c35709db94f2b2e205bca10c48a0

SHA1796362879f35bee6be5f4f33ce835997d689deea

SHA256efc2be63cad461715706cc4f5b833478aa3f75891c5d918a3eabfe9a82b9d3be

Archive (3)

Modified	Filename	Size	MD5	File type
2024-05-13 16:01	PPPwn GUI 1.7.exe	5.3 MB	b30ac58118321a59c014ccc1a3e123e7	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 6 sections
2024-05-03 23:06	ReadMe.txt	57 B	744d39ea312a4ad6bb1331a9628c2b26	ASCII text, with CRLF line terminators
2024-05-13 18:18	Unpacked Version.zip	11 MB	1feb8abefecb413949d4bc562e2a00e7	Zip archive data, at least v2.0 to extract, compression method=store

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 38/68

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET opencourse.kr/content/files/2024/05/pppwn-GUI-1.7.zip

104.21.94.3

200 OK

16 MB

URL

opencourse.kr/content/files/2024/05/pppwn-GUI-1.7.zip

IP / ASN

104.21.94.3

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=store

First Seen2024-06-03

Last Seen2024-10-06

Times Seen9

Size16 MB (15653618 bytes)

MD5e254c35709db94f2b2e205bca10c48a0

SHA1796362879f35bee6be5f4f33ce835997d689deea

SHA256efc2be63cad461715706cc4f5b833478aa3f75891c5d918a3eabfe9a82b9d3be

Certificate Info

IssuerGoogle Trust Services LLC

Subjectopencourse.kr

FingerprintFA:64:C4:E6:B3:47:4E:60:9B:20:81:DD:97:6F:73:8E:80:37:11:1B

ValidityMon, 06 May 2024 14:46:55 GMT - Sun, 04 Aug 2024 14:46:54 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 38/68

HTTP Headers

GET /content/files/2024/05/pppwn-GUI-1.7.zip HTTP/1.1
Host: opencourse.kr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 04 Jun 2024 16:41:42 GMT
content-type: application/zip
content-length: 15653618
cf-ray: 88e95f371ab656bd-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 90841
cache-control: public, max-age=31536000
etag: W/"eedaf2-18fb02f05e4"
last-modified: Sat, 25 May 2024 14:37:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6cgfnUBZilxsL8FxcfyWHHUNLHNRNrmm%2B6JKzP5i5GzSZB6KgRYTGZFdpdBfFe3HPWU1DCkndRA7mz5A5i2AmRzAtaymq08Aas1dvdz5CWlVTV8Jd7NBbatS2TsDB9i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2