Report - raw.githubusercontent.com/xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip

Report Overview

Visited public
2025-05-14 00:22:47
Tags
URL
raw.githubusercontent.com/xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.199.108.133
#54113 FASTLY
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2025-05-07	545 B	10 MB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip
IP
185.199.108.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
10 MB (10388779 bytes)
Hash
65ee4b6073ca4437c950bec921738b28
2df4fb32f178cf7e6a36475e547f82a4b3e9c025
b62e28e7f450c18275a5c316d5fd66d6f6e7ce71cf044e29f3505c344475542c

Archive (37)

Filename

Md5

File type

_ssl.pyd

8f7c200970927741ce8a2bad7d0b8847

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_uuid.pyd

8cd9d8119b9b38c64d57a7b87d239a07

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_zoneinfo.pyd

702ba061f9fb7b9fc43e54c607dee0fb

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

edge.com

2983869ff9818d47515aaab06807acc9

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

libcrypto-1_1.dll

5829cda43cac0f04b8501d892a89cf59

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

libffi-8.dll

74d2b5e0120a6faae57042a9894c4430

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

libssl-1_1.dll

ca3f5e1496fc9af4edc9dc585e29c8fe

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

loader.bin

27430df9b4d24ebb5ad0845a4201768c

data

loader_encrypted.bin

83a9bcbb6fafeca0af0fe0b6257f7c57

data

oledlg.dll

48228ded3a66d62e63be8fd923f69308

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 18 sections

pyexpat.pyd

3c97ceb3fa49dcb4f21a8855faedac6f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

python.cat

77132b2720a8a259313f58d86532f81a

DER Encoded PKCS#7 Signed Data

python.exe

9d331f4374f62b8d6c19970681030f95

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

python3.dll

5f1af3f2396e33c79bb5db70af3fa181

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

python311._pth

d7f4f557051dffb5cc93ecfb24a965a8

ASCII text, with CRLF line terminators

python311.dll

68193b0ed6bb05e7bf70e380852a4e58

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

python311.zip

d88df7e41b525c52b7f14981669cbc41

Zip archive data, at least v2.0 to extract, compression method=deflate

run.py

683176fc946e4bf50c40246e09e7d756

Python script, ASCII text executable, with CRLF line terminators

run.vbs

5e8990c4c4f9dfce60a8e47eb53015a8

ASCII text, with CRLF line terminators

select.pyd

c66138b2b77c84caf681979e9d45cedb

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

sqlite3.dll

affc83f5e537a59265f7ec779419b0f1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

unicodedata.pyd

cd76fab95cac1616bc385a71faafa09a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

vcruntime140.dll

81b11024a8ed0c9adfd5fbf6916b133c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

winsound.pyd

4339e80f506248a276e5e8f9cf73f3e4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_asyncio.pyd

959b1d6e389d91d8825ffdfc80d5cb2b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_bz2.pyd

70ca7d29ac5f6a8e0cfaa3501e1aee2c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_ctypes.pyd

5d21f0a0f73b4bd8237fc5b970fdd5cc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_decimal.pyd

869ad0f3f86a1934de64af388cab9876

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_elementtree.pyd

e6f77fe3456367aae304634626669fd6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_hashlib.pyd

2b1d9619090883d3529b6ebe52a3a4fc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_lzma.pyd

20514c4b7bf23f8993f76d00ec0dfdd4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_msi.pyd

fb451cb014ceb153cc614980df1c7884

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_multiprocessing.pyd

7436706aa30910f0145ccee2bfd51310

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_overlapped.pyd

49ed67c8475cb23054654dbce47f5e98

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_queue.pyd

188619ea2cc75374eef0ba8bd6f34f8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_socket.pyd

539eea75b5a032a9887329a5dc0c51a4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

_sqlite3.pyd

fdacc6a3f2574ac94ef668ab05a413a9

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
Elastic Security YARA Rules	malware	Windows.Trojan.Donutloader
YARAhub by abuse.ch	malware	Detect pe file that no import table
VirusTotal	malicious	VirusTotal - Scan result 19/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET raw.githubusercontent.com/xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip

185.199.108.133

200 OK

10 MB

URL User Request GET
raw.githubusercontent.com/xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip
IP
185.199.108.133:443
ASN
#54113 FASTLY

Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
10 MB (10388779 bytes)
Hash
65ee4b6073ca4437c950bec921738b28
2df4fb32f178cf7e6a36475e547f82a4b3e9c025
b62e28e7f450c18275a5c316d5fd66d6f6e7ce71cf044e29f3505c344475542c

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 19/62

HTTP Headers

GET /xjnhzaj12b2/TrungADS/refs/heads/main/FileNL10.5.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"f61c4b56bef0a0e91f2bc07dc54dd816c9af0be4932c7d237745f5a0f1b94ae1"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 0B9D:24DADA:3BB44:4A66F:6823E233
accept-ranges: bytes
date: Wed, 14 May 2025 00:22:11 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1747182131.236564,VS0,VE414
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 4c323f59c4c835c710a64bc53d47133572dcc913
expires: Wed, 14 May 2025 00:27:11 GMT
source-age: 0
content-length: 10388779
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (37)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers