Report - users.starpower.net/larch78/lathemaster/lathemaster_unreg.zip

Report Overview

Submitted URL
users.starpower.net/larch78/lathemaster/lathemaster_unreg.zip
IP
207.172.16.150
ASN
#6079 RCN-AS
Submitted
2024-05-05 06:45:29
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
users.starpower.net	unknown	1998-05-14	2013-08-30	2024-01-06	701 B	801 kB	207.172.16.150
www.starpower.net	unknown	1998-05-14	2013-01-23	2024-01-24	268 B	486 B	207.172.156.181
www.astound.com	220264	1996-09-18	2014-12-05	2024-04-02	346 B	67 kB	216.82.203.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
users.starpower.net/larch78/lathemaster/lathemaster_unreg.zip
IP
207.172.16.150
ASN
#6079 RCN-AS

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
800 kB (800346 bytes)
Hash
fc59d147a65ef5200c80ac9954b1b7e4
56f80d5b0b75a30720bbc5c6051551e1f409db52
cb2c372136b9ef08368fdf106bdef634cfd3538348639ecba5715cd7c56218e9

Archive (19)

Filename

Md5

File type

data.dti

32634c0a23eb33fb287cfe68213ca263

ASCII text, with CRLF line terminators

MSVBVM60.DLL

0ee070e83ea201fd9a1743fc725fc963

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

sets.dat

0cb4334a85ca5624153aecd1ff3f5733

data

Lathemaster.exe

0dac5bf57512de2ae2114730ab8f088b

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Lathemaster

25ed5b666e5c61018ebaba38912ba96f

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Wedge.brh

385a1fffb055aeddfb3d37102931475f

ASCII text, with CRLF line terminators

circle.brh

79f3f588e11b1ca56507509e526af671

data

diag2.brh

ed869ef5aa8a3d8051234d1514910f4a

data

diag1.brh

2a005d78c4a30dfdb2be6bcd77f951a1

OpenPGP Secret Key

flat.brh

ab33083016fa6197a35630ba868de231

ASCII text, with CRLF line terminators

modes.html

d82437edb8713131f6bc8e3660ebf969

HTML document, ASCII text, with CRLF line terminators

man.html

7eee77b1316259de0c0bff45df96f5e9

HTML document, ASCII text, with CRLF line terminators

menu.html

974c037949c3572884cb9b6b3ea3488c

HTML document, ASCII text, with CRLF line terminators

lathe.html

bcb036f7d14ef5f8a00e07ac1d512aa8

HTML document, ASCII text, with CRLF line terminators

tools.html

af5eb616a883f0e802baf7311269c175

HTML document, ASCII text, with CRLF line terminators

lathework4.jpg

80cb6078f033749b4e76b4946991f0fa

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 285x251, components 3

lathework2.jpg

8dfe0c34de79f4363f2198da94ce9090

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 285x251, components 3

lathework3.jpg

30dfdd64c2ac5a0970faf6903e88376c

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 285x251, components 3

lathework1.jpg

4d117102d6eb667d3d42af648d7cd9fa

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 285x251, components 3

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	users.starpower.net/	207.172.16.150		209 B
URL users.starpower.net/ IP 207.172.16.150:0 ASN #6079 RCN-AS File type HTML document, ASCII text Size 209 B (209 bytes) Hash 758668f952973377aad8db69bb890657 5122a036292f1abfc948f3b977c06ca00ee8e78e 398a100488611181fcfd8ce44458b20a930b9a89bd8471db4bde3809f2430ae5 HTTP Headers `GET / HTTP/1.1 Host: users.starpower.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Date: Sun, 05 May 2024 06:45:06 GMT Server: Apache/2.4.56 (FreeBSD) PHP/8.0.28 mod_perl/2.0.12 Perl/v5.32.1 Location: http://www.starpower.net/ Content-Length: 209 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1`

	www.starpower.net/	207.172.156.181		299 B
URL www.starpower.net/ IP 207.172.156.181:0 ASN #6079 RCN-AS File type HTML document, ASCII text Size 299 B (299 bytes) Hash bbe459ffbde212a9dac2d7bd81283785 97ae00a48508c728aa559ed5f39d8cc717ec0c7a 576ee94d407855ec2759afc5b6007e8422131277dc2324907163092322092fa6 HTTP Headers `GET / HTTP/1.1 Host: www.starpower.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Date: Sun, 05 May 2024 06:35:49 GMT Server: Apache Location: https://www.astound.com/ Content-Length: 299 Content-Type: text/html; charset=iso-8859-1`

	www.astound.com/	216.82.203.86		67 kB
URL www.astound.com/ IP 216.82.203.86:0 ASN #7459 GRANDECOM-AS1 File type HTML document, ASCII text, with very long lines (4704) Size 67 kB (66748 bytes) Hash ee41225e4a0d541b6719340b4ddd9c95 e8bc5fe4f417a37759877fdcd7f079741b43eb21 c62d8082b55d535aee14f5f18fa521646b3bf2586136e26d71a701293fc65836 HTTP Headers `GET / HTTP/1.1 Host: www.astound.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK date: Sun, 05 May 2024 06:45:08 GMT server: ASTOUND vary: X-Forwarded-Proto,Accept-Encoding,User-Agent last-modified: Sun, 05 May 2024 04:01:05 GMT accept-ranges: bytes content-length: 66748 content-type: text/html; charset=UTF-8 content-encoding: gzip x-frame-options: SAMEORIGIN x-server: strafe x-client-ip: 91.90.42.154 strict-transport-security: max-age=16000000; includeSubDomains; preload;`

	users.starpower.net/larch78/lathemaster/lathemaster_unreg.zip	207.172.16.150		800 kB
URL User Request GET users.starpower.net/larch78/lathemaster/lathemaster_unreg.zip IP 207.172.16.150:0 ASN #6079 RCN-AS File type Zip archive data, at least v1.0 to extract, compression method=store Size 800 kB (800346 bytes) Hash fc59d147a65ef5200c80ac9954b1b7e4 56f80d5b0b75a30720bbc5c6051551e1f409db52 cb2c372136b9ef08368fdf106bdef634cfd3538348639ecba5715cd7c56218e9 HTTP Headers `GET /larch78/lathemaster/lathemaster_unreg.zip HTTP/1.1 Host: users.starpower.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Sun, 05 May 2024 06:45:09 GMT Server: Apache/2.4.56 (FreeBSD) PHP/8.0.28 mod_perl/2.0.12 Perl/v5.32.1 Last-Modified: Sat, 12 Jan 2002 20:42:18 GMT ETag: "c365a-397611447be80" Accept-Ranges: bytes Content-Length: 800346 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip`