Report - cloudfile.kanmogroup.com/ZK.zip

Report Overview

Submitted URL
cloudfile.kanmogroup.com/ZK.zip
IP
119.2.43.123
ASN
#38524 Laxo Global Akses, PT
Submitted
2024-05-08 12:29:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cloudfile.kanmogroup.com	unknown	unknown	No data	No data	485 B	672 kB	119.2.43.123

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cloudfile.kanmogroup.com/ZK.zip
IP
119.2.43.123
ASN
#38524 Laxo Global Akses, PT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
672 kB (672207 bytes)
Hash
8117e98011edf7d274c109ffa4baa3ca
a3eb66c2342e4a57d6b463610e5dc186a3a01c9b
0eb603f4d1e9211061ed484fac6dc28cb00ab411671b408c1c9ec98219ae5d8b

Archive (11)

Filename

Md5

File type

commpro.dll

7037777770a4dd0f436350fda9b81e78

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

comms.dll

afd6cbbcf279bd8408f41a39f2e6a444

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

interop.zkemkeeper.bak.dll

0dec2cb45dcd809c933edbe12b7d4bf9

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

interop.zkemkeeper.dll

174a913c644c892ab1dd7a8d39344733

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

plce.dll

022f52d935120bed647bd800993a4072

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

rscagent.dll

ea6eed5cc534322b5a043f1b55ea26b3

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

rscomm.dll

36d83b0bc7002bc0a6226d05c75a2579

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

tcpcomm.dll

64f824e8c023ce678817bb89831f6095

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

usbcomm.dll

292b817a8c059b2c03030a8e1f80074d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

zkemkeeper.dll

a0f287509b7fade7855eb0e03822dfba

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

zkemsdk.dll

10bf02eb21bdc247698cf4e2b81e4f17

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cloudfile.kanmogroup.com/ZK.zip	119.2.43.123	200 OK	672 kB
URL User Request GET HTTP/1.1 cloudfile.kanmogroup.com/ZK.zip IP 119.2.43.123:443 ASN #38524 Laxo Global Akses, PT Certificate IssuerSectigo Limited Subject.kanmogroup.com FingerprintD7:CC:CA:31:C2:97:4F:09:B3:26:72:C7:1C:34:1B:E8:81:C5:07:23 ValidityWed, 02 Aug 2023 00:00:00 GMT - Mon, 12 Aug 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 672 kB (672207 bytes) Hash 8117e98011edf7d274c109ffa4baa3ca a3eb66c2342e4a57d6b463610e5dc186a3a01c9b 0eb603f4d1e9211061ed484fac6dc28cb00ab411671b408c1c9ec98219ae5d8b HTTP Headers `GET /ZK.zip HTTP/1.1 Host: cloudfile.kanmogroup.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Last-Modified: Tue, 04 Sep 2018 12:54:28 GMT Accept-Ranges: bytes ETag: "2224956a4e44d41:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 08 May 2024 12:28:38 GMT Content-Length: 672207`

cloudfile.kanmogroup.com/ZK.zip

119.2.43.123

200 OK

672 kB

URL User Request GET HTTP/1.1
cloudfile.kanmogroup.com/ZK.zip
IP
119.2.43.123:443
ASN
#38524 Laxo Global Akses, PT

Certificate
IssuerSectigo Limited
Subject*.kanmogroup.com
FingerprintD7:CC:CA:31:C2:97:4F:09:B3:26:72:C7:1C:34:1B:E8:81:C5:07:23
ValidityWed, 02 Aug 2023 00:00:00 GMT - Mon, 12 Aug 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
672 kB (672207 bytes)
Hash
8117e98011edf7d274c109ffa4baa3ca
a3eb66c2342e4a57d6b463610e5dc186a3a01c9b
0eb603f4d1e9211061ed484fac6dc28cb00ab411671b408c1c9ec98219ae5d8b

HTTP Headers

GET /ZK.zip HTTP/1.1
Host: cloudfile.kanmogroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Last-Modified: Tue, 04 Sep 2018 12:54:28 GMT
Accept-Ranges: bytes
ETag: "2224956a4e44d41:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 12:28:38 GMT
Content-Length: 672207

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers