Report Overview

  1. Submitted URL

    ftp.elf.stuba.sk/pub/pc/pack/unpack22.zip

  2. IP

    147.175.111.14

    ASN

    #2607 Zdruzenie pouzivatelov Slovenskej akademickej datovej siete

  3. Submitted

    2024-05-10 22:34:04

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    43

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
ftp.elf.stuba.sk | unknown | 2003-11-25 | 2012-07-01 | 2020-05-09

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    ftp.elf.stuba.sk/pub/pc/pack/unpack22.zip

  2. IP

    147.175.111.14

  3. ASN

    #2607 Zdruzenie pouzivatelov Slovenskej akademickej datovej siete

  1. File type

    Zip archive data, at least v2.0 to extract, compression method=deflate

    Size

    891 kB (891306 bytes)

  2. Hash

    c7e3fce0100c7ccd81a435ea489af9e2

    e9c3b66af58bea9ea5431090d81c8c2fea1691df

  1. Archive (62)

    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
    YARAhub by abuse.ch | malware | meth_get_eip
    VirusTotal | malicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
ftp.elf.stuba.sk/pub/pc/pack/unpack22.zip | 147.175.111.14 | 200 OK | 891 kB