Report - download.wdc.com/windlg/WinDlg

Report Overview

Visited public
2024-12-21 08:33:40
Tags
Submit Tags
URL
download.wdc.com/windlg/WinDlg_124.zip
Finishing URL
about:privatebrowsing
IP / ASN
108.157.229.78
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.wdc.com	858494	1992-05-15	2012-07-26	2024-12-20	492 B	924 kB	143.204.55.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.wdc.com/windlg/WinDlg_124.zip
IP
143.204.55.66
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
923 kB (923401 bytes)
Hash
e700c77206c50bf205360e0e6d7a734d
f3e14c5b1653dc5820fce5b79d2726b70a0bdb0f
b73cf8d8cc36430e8fef6f9a4db8ce49be53392c681e602af483c8129d6af053

Archive (7)

Filename

Md5

File type

WinDlg.exe

7965a705310c1904d9c1fd385ed8c948

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

disk16.dll

0b8697984988125a81ae3773d4772c1e

MS-DOS executable, NE for MS Windows 3.x (4.0) (DLL or font)

disk32.dll

5de1eb9b2d43a4c8ed7fecd180b08ee0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

help.htm

6b561f6149537bc2fd07119e3d6a4c18

HTML document, ISO-8859 text, with CRLF line terminators

setup.exe

7d951724ddff5f69c5be2216f9cb06c8

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

smart.htm

37054d4bb991a88facf071135b67e18f

HTML document, Non-ISO extended-ASCII text, with CRLF line terminators

WinDlg.txt

39a59c1aa5ff6ff59f472bfdc83ec23e

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
VirusTotal	suspicious	VirusTotal - Scan result 1/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET download.wdc.com/windlg/WinDlg_124.zip

143.204.55.66

200 OK

923 kB

URL User Request GET HTTP/1.1
download.wdc.com/windlg/WinDlg_124.zip
IP
143.204.55.66:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectdownload.wdc.com
FingerprintBC:EB:75:AD:7A:74:33:9D:55:9A:EE:41:44:E7:A7:04:A1:33:36:DC
ValidityTue, 11 Jun 2024 00:00:00 GMT - Thu, 10 Jul 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
923 kB (923401 bytes)
Hash
e700c77206c50bf205360e0e6d7a734d
f3e14c5b1653dc5820fce5b79d2726b70a0bdb0f
b73cf8d8cc36430e8fef6f9a4db8ce49be53392c681e602af483c8129d6af053

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/65

HTTP Headers

GET /windlg/WinDlg_124.zip HTTP/1.1
Host: download.wdc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 923401
Connection: keep-alive
Date: Sat, 21 Dec 2024 08:33:15 GMT
Last-Modified: Wed, 27 Apr 2016 21:50:56 GMT
ETag: "e700c77206c50bf205360e0e6d7a734d"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0RjSiI45nIzeyd3Wib4AfKcsVB7-o6hZYxos5Dn8ngrWmXNrkLS9qQ==

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers