Report - raw.githubusercontent.com/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll

Report Overview

Visitedpublic

2025-01-22 17:59:04

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2025-01-22	529 B	227 kB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-22	medium	raw.githubusercontent.com/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll	Detect pe file that no import table

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

raw.githubusercontent.com/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll

IP / ASN

185.199.108.133

#54113 FASTLY

File Overview

File TypePE32+ executable (DLL) (GUI) x86-64, for MS Windows

Size226 kB (226304 bytes)

MD5b79bfc18edf18370e426e94bf9e10592

SHA1de51bf6942f2ee8b2532bdf3c213907fe7dd9c84

SHA256d3a2d4ba16add4a2c961fc907355ac994dceedd4fb56aa1bc2d76b9bdef77bd8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
VirusTotal	malicious	VirusTotal - Scan result 27/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET raw.githubusercontent.com/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll

185.199.108.133

200 OK

226 kB

URL

raw.githubusercontent.com/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll

IP / ASN

185.199.108.133

#54113 FASTLY

Requested byN/A

Resource Info

File typePE32+ executable (DLL) (GUI) x86-64, for MS Windows

First Seen2023-09-27

Last Seen2025-04-27

Times Seen37

Size226 kB (226304 bytes)

MD5b79bfc18edf18370e426e94bf9e10592

SHA1de51bf6942f2ee8b2532bdf3c213907fe7dd9c84

SHA256d3a2d4ba16add4a2c961fc907355ac994dceedd4fb56aa1bc2d76b9bdef77bd8

Certificate Info

IssuerDigiCert Inc

Subject*.github.io

Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28

ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
VirusTotal	malicious	VirusTotal - Scan result 27/72

HTTP Headers

GET /borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: W/"f19572c5b6b6f72735da8a0de8303ca905c2d24aba3aa697bda4e2af4a00f432"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 6E28:134168:35B68D:375157:679131CF
accept-ranges: bytes
date: Wed, 22 Jan 2025 17:58:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410029-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1737568719.364847,VS0,VE212
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: a812d587c18b5b3c7414cc5545d8b0a34f988e4c
expires: Wed, 22 Jan 2025 18:03:39 GMT
source-age: 0
content-length: 226304
X-Firefox-Spdy: h2