Report - www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip

Report Overview

Visited public
2025-04-18 09:06:35
Tags
Submit Tags
URL
www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip
Finishing URL
about:privatebrowsing
IP / ASN
213.112.115.220
#2119 Telenor Norge AS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.doom9.org	unknown	2000-09-26	2014-02-01	2025-04-09	523 B	485 kB	213.112.115.220

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip
IP
213.112.115.220
ASN
#2119 Telenor Norge AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
485 kB (484770 bytes)
Hash
f6dfead3171841d5f23d72520ea3adbd
c38b4bdcd87e0b93cc1ddc82d1924c0fe65bda6d
c9e6a5089595951688fed271e6597696caa5c59420a338dcec734b6a63a6642a

Archive (7)

Filename

Md5

File type

Oemsetup.inf

b52c3242267434cd859c0568052a192e

ASCII text, with CRLF line terminators

Readme.txt

63da4c5a2d4a103e401d9752096a71d9

Non-ISO extended-ASCII text, with CRLF line terminators

VFAPIConv.exe

0e18dc1e718d0b528ded79adbdead15b

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

VFCodec.dll

bb7636cef5e0faf9f839081994dd45e3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

vifp.inf

01720416b9690086b68d96cb797f1f9c

Windows setup INFormation

vifpset.bat

23b8a5ebb4ef782af047fc47f901e1b0

ASCII text, with CRLF line terminators

EN_Info.txt

63e17697c02399a55a86a0adbde6f17d

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	GET www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip	213.112.115.220	200 OK	485 kB
URL User Request GET www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip IP 213.112.115.220:443 ASN #2119 Telenor Norge AS Certificate IssuerLet's Encrypt Subjectwww.doom9.org FingerprintA9:1C:33:1B:5A:E4:1D:1F:B6:66:9F:ED:57:AA:75:AC:7B:08:15:8D ValiditySat, 08 Mar 2025 09:34:11 GMT - Fri, 06 Jun 2025 09:34:10 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 485 kB (484770 bytes) Hash f6dfead3171841d5f23d72520ea3adbd c38b4bdcd87e0b93cc1ddc82d1924c0fe65bda6d c9e6a5089595951688fed271e6597696caa5c59420a338dcec734b6a63a6642a HTTP Headers GET /Soft21/SupportUtils/VFAPIConv-1.05-EN.zip HTTP/1.1 Host: www.doom9.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK strict-transport-security: max-age=15552000; includeSubDomains last-modified: Mon, 06 Jan 2003 09:25:08 GMT etag: "765a2-3b38d7792c500" accept-ranges: bytes content-length: 484770 content-type: application/zip date: Fri, 18 Apr 2025 09:06:13 GMT server: Apache X-Firefox-Spdy: h2`

GET www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip

213.112.115.220

200 OK

485 kB

URL User Request GET
www.doom9.org/Soft21/SupportUtils/VFAPIConv-1.05-EN.zip
IP
213.112.115.220:443
ASN
#2119 Telenor Norge AS

Certificate
IssuerLet's Encrypt
Subjectwww.doom9.org
FingerprintA9:1C:33:1B:5A:E4:1D:1F:B6:66:9F:ED:57:AA:75:AC:7B:08:15:8D
ValiditySat, 08 Mar 2025 09:34:11 GMT - Fri, 06 Jun 2025 09:34:10 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
485 kB (484770 bytes)
Hash
f6dfead3171841d5f23d72520ea3adbd
c38b4bdcd87e0b93cc1ddc82d1924c0fe65bda6d
c9e6a5089595951688fed271e6597696caa5c59420a338dcec734b6a63a6642a

HTTP Headers

GET /Soft21/SupportUtils/VFAPIConv-1.05-EN.zip HTTP/1.1
Host: www.doom9.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=15552000; includeSubDomains
last-modified: Mon, 06 Jan 2003 09:25:08 GMT
etag: "765a2-3b38d7792c500"
accept-ranges: bytes
content-length: 484770
content-type: application/zip
date: Fri, 18 Apr 2025 09:06:13 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers