Report - mksoftcdnhp.yesky.com/6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe

Report Overview

Visitedpublic

2025-07-15 06:46:24

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
mksoftcdnhp.yesky.com	unknown	2000-01-12	2023-01-21	2025-07-12	566 B	3.2 MB	27.221.125.159

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-07-15	medium	mksoftcdnhp.yesky.com/6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe	Scans presence of the found strings using the in-house brute force method

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

mksoftcdnhp.yesky.com/6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe

IP / ASN

27.221.125.159

#4837 CHINA UNICOM China169 Backbone

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Size3.2 MB (3202760 bytes)

MD545bd9d66f284ce4f063974b140d59326

SHA136d37285be4a9be17a078dc2938c0c1e7261506a

SHA25672955dd1e5fb2fb664d192217e3b6cc4f033b43d5aab117e2cd96f82ab64e135

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
VirusTotal	suspicious	VirusTotal - Scan result 8/57

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET mksoftcdnhp.yesky.com/6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe

27.221.125.159

200 OK

3.2 MB

URL

mksoftcdnhp.yesky.com/6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe

IP / ASN

27.221.125.159

#4837 CHINA UNICOM China169 Backbone

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

First Seen2025-07-15

Last Seen2025-07-15

Times Seen1

Size3.2 MB (3202760 bytes)

MD545bd9d66f284ce4f063974b140d59326

SHA136d37285be4a9be17a078dc2938c0c1e7261506a

SHA25672955dd1e5fb2fb664d192217e3b6cc4f033b43d5aab117e2cd96f82ab64e135

Certificate Info

IssuerDigiCert Inc

Subject*.yesky.com

Fingerprint40:DC:45:43:8F:B0:95:35:BD:4B:29:CA:13:26:E4:55:E5:9B:51:E5

ValidityMon, 13 Jan 2025 00:00:00 GMT - Wed, 21 Jan 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
VirusTotal	suspicious	VirusTotal - Scan result 8/57

HTTP Headers

GET /6875e397/e4489045ea98b84ba60bb53ae8ab2013/extract/712511552/423648/setup.exe HTTP/1.1
Host: mksoftcdnhp.yesky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 15 Jul 2025 06:45:49 GMT
content-type: application/x-msdownload
content-length: 3202760
expires: Tue, 01 Jul 2025 12:05:22 GMT
last-modified: Wed, 19 Mar 2025 16:05:51 GMT
etag: "45bd9d66f284ce4f063974b140d59326"
age: 1449627
accept-ranges: bytes
content-md5: Rb2dZvKEzk8GOXSxQNWTJg==
x-bce-content-crc32: 1887807830
x-bce-debug-id: 7GLoT6mM6a78mPcGLz/Fj7b/jLNqnNr8WRGR5O5g9RMeRwe1zZca1h7InP7xsMk7RfxLeOyFlg0DIWfePlBBng==
x-bce-flow-control-type: -1
x-bce-is-transition: false
x-bce-request-id: 3ee2eb12-5089-4ac5-863a-4f20c604ba2c
x-bce-storage-class: STANDARD
ohc-global-saved-time: Sat, 28 Jun 2025 12:05:22 GMT
ohc-cache-hit: jnuncache58 [2], czix95 [1]
ohc-file-size: 3202760
x-cache-status: HIT
X-Firefox-Spdy: h2