Report - dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip

Report Overview

Submitted URL
dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip
IP
89.41.180.203
ASN
#25198 Interkvm Host Srl
Submitted
2024-03-28 16:49:23
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dr-dl-4.xyz	unknown	2023-06-04	2023-06-04	2024-03-24	501 B	4.9 MB	89.41.180.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip
IP
89.41.180.203
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.9 MB (4892803 bytes)
Hash
45482b3e44b45b1c1f7332155a401eac
71ecb70fbc0aea77768ec31b65b545f0ef79c933
8d5f6de0ff88acab0e0e32ae62f85a4c0d2c1f5244c69ced657764ac612061a5

Archive (80)

Filename

Md5

File type

coinst.dll

fc21bf5a1667fc745fe53d05da4cb8a2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

coinst.exe

36089584fc093a8512f427733a798c6c

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

itdrv.dll

08e66b29e8fa940f87c3f1ee9bf7879f

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

itdrvLC.bmp

5d3415e323e03bc82679f3cc03765f68

PC bitmap, Windows 3.x format, 84 x 16 x 24, image size 4032, cbSize 4086, bits offset 54

itdrvM1.bmp

eec54cda91b4fcfb2604ab69cb979ae0

PC bitmap, Windows 3.x format, 128 x 77 x 24, image size 29570, resolution 2834 x 2834 px/m, cbSize 29624, bits offset 54

itdrvM2.bmp

8fb8b65bf2fb5e9a4ec877aa4a8e8126

PC bitmap, Windows 3.x format, 128 x 77 x 24, image size 29570, resolution 2834 x 2834 px/m, cbSize 29624, bits offset 54

itdrvM3.bmp

bd87205afe90ae2a72b5bb4a5fe0a84a

PC bitmap, Windows 3.x format, 128 x 77 x 32, image size 39426, resolution 2834 x 2834 px/m, cbSize 39480, bits offset 54

itdrvab.chm

ac046b7fbe994627d8e9c9c94dd147db

MS Windows HtmlHelp Data

itdrvab.xml

21ffa154617ae256fc34aadef63fef37

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvbp.chm

0f28b23c9f2fa78789bb837dc6b3c666

MS Windows HtmlHelp Data

itdrvbp.xml

9521496d09bfcf7bd31172501dda0198

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvcp.chm

330bc11c0f4ee51178387081331a68ed

MS Windows HtmlHelp Data

itdrvcp.xml

7a3be00d2e8af65c7608db7d7f09de7a

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvct.chm

0f64ea258c14a3d09910eff0b83679d8

MS Windows HtmlHelp Data

itdrvct.xml

5b1a96e19a04b34a5b5f868b62cbdb0e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvcz.chm

8359752670793680bb48570bd741856c

MS Windows HtmlHelp Data

itdrvcz.xml

edda9e96b2b1e043c44481820172890f

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvdn.chm

46c0427756cc06e02ee1d54b48d0b0ae

MS Windows HtmlHelp Data

itdrvdn.xml

a0d10f491c83188cfe64d837f8e7a222

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvdt.chm

8d381d90a300f0971384e4800d5a42ae

MS Windows HtmlHelp Data

itdrvdt.xml

783bd3bcbbf4f61fcc2d3a868a28907c

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvdu.dll

8249cf79d7afce93949ab5f0cf04352b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvel.chm

1175ef68a64c348d7e15acc323a017c0

MS Windows HtmlHelp Data

itdrvel.xml

90999644fc066d47a81efca094799419

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrven.chm

0bc94e015a45d6d903e4ae1026e5ee69

MS Windows HtmlHelp Data

itdrven.xml

46efe1a3e874756a7cd2dfe89e496294

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvex.exe

f326fdaa02b75bda7c8d4b083473044c

PE32+ executable (console) x86-64, for MS Windows, 5 sections

itdrvf.xml

87cdb46526eaf57b189ffdcdd66250b7

XML 1.0 document, ASCII text

itdrvfi.chm

30ba9cb9f3fdecb2ef295031e7613702

MS Windows HtmlHelp Data

itdrvfi.xml

0b1c44727c97f85f4f831e65d03b3624

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvfn.chm

d500d5a231e9dad8ebd45b5209e8603d

MS Windows HtmlHelp Data

itdrvfn.xml

b003bbd434ffc8612392f0a5f9190b61

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvgr.chm

72f9a9d89f8b4858673114c9e2bb753e

MS Windows HtmlHelp Data

itdrvgr.xml

7f01293bd315df2d0bdc3f426ed336d2

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvhb.chm

7fac4cdbd2ba281323fd743986b39b32

MS Windows HtmlHelp Data

itdrvhb.xml

59372f8097e932bbcb6947d7193a33f5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvhu.chm

f24d2359569b65481a8e76e17e73c8e5

MS Windows HtmlHelp Data

itdrvhu.xml

9a541a2d9549c5b8e5713df369de2f99

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvio.dll

913df4cdb13bbfca5739f96a9025e51f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvit.chm

dec9f684cbcbaab5543ca670e5e19114

MS Windows HtmlHelp Data

itdrvit.xml

c432b2ac5f80b4c5b176b31f6a233e55

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvkr.chm

d85ccb74cbc4ef6a4bd47efa1664563d

MS Windows HtmlHelp Data

itdrvkr.xml

a8bafc60d7bec263ec1e4ff6c26ba0ac

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvlf.dll

0ebc259abeaf4513ead2e7018b2e03b2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvm.dll

74817d52f8cc50819f192755d67b63e3

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvn.dll

43a0a4f7c73dcf4384acb6c6c6feeb2a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvnr.chm

bf7755a1ec861120608f40723d9f0ebf

MS Windows HtmlHelp Data

itdrvnr.xml

557f5dcd57c3c420ace42226d6730293

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvo.dll

4f498e95d45f7502ba9e68e4299704bd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvpc.dll

8564d9b4794e0e28312601091237ed18

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

itdrvpo.chm

f08ad5330f2bbbedec000cf1accd2d5d

MS Windows HtmlHelp Data

itdrvpo.xml

82c7abe7c817e02ae79726a29a943baf

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvpp.dll

e30b7e95b69f3516b4d4c426813b9233

PPD file, version "4.3"

itdrvpt.chm

253d790104625af3e7bbb6e44365ba1b

MS Windows HtmlHelp Data

itdrvpt.xml

740faa0877162915e1c42800afee70c5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvru.chm

877c98fab26b0614dcdc20364914bc84

MS Windows HtmlHelp Data

itdrvru.xml

71bc8b634ed5aef614b00656aa7cdfff

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvsc.dll

47d264d941bd23a2aecede42fa935c7c

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvsf.dll

e482faafb4ad9ad3496688473f3bd8de

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvsp.chm

01368930d536bd497e5e61c4adea80c8

MS Windows HtmlHelp Data

itdrvsp.xml

fb5921f957d534b22ba4af598de2aa40

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvsw.chm

c94f91ad7960521bb857e99abbcbbccd

MS Windows HtmlHelp Data

itdrvsw.xml

06b4ebf871b01e1ad917f42960c51de7

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvtk.chm

4f77c6fbfc3712c390527ac387af2701

MS Windows HtmlHelp Data

itdrvtk.xml

67799f4d2a169d9dd52a7fcd56f7907e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

itdrvuc.dll

5fe5eecce8de6e7a720ad4d6e30c9d30

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvum.dll

e88d5ec952ee759b477f3b7c409bc678

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

itdrvum.xml

45bc8811a2cf5564f1cbbebeaa6af83b

XML 1.0 document, ASCII text, with CRLF line terminators

itdrvur.dll

62b9ecceb43949178e7af9440a7b23ad

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 2 sections

itdrvxc.bmp

351df9163297d2f694d217fc599040ed

PC bitmap, Windows 3.x format, 51 x 17 x 24, image size 2652, cbSize 2706, bits offset 54

itdrvyc.BMP

5699ca6733923adb6735f9fadcea791b

PC bitmap, Windows 3.x format, 753 x 217 x 24, image size 490420, resolution 2834 x 2834 px/m, cbSize 490474, bits offset 54

ssp7m.cat

25b0e1a671164013697a22c63400a1ba

DER Encoded PKCS#7 Signed Data

ssp7m.inf

cc93c02ab2b9f72b3c40021f1f81328b

Windows setup INFormation

ssp7mc.xml

5260f0d1c99e30720bc0cb9537098182

XML 1.0 document, ASCII text, with CRLF line terminators

ssp7ml6.SMT

fc0d8413a9c5e61cce901db270764857

Generic INItialization configuration [DevMon]

ssp7ml6.dll

6490e8960c28412ede6a3a8d7a030946

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ssp7mp.xml

0ffc073c804107b271b1b1daade2066a

XML 1.0 document, ASCII text

ssp7mpp.ver

1ef7bfa3166f3c02b13dc697e2a0407a

Windows setup INFormation

ssp7msc.cts

9d9a848e768ec0a6c45aa869814d01ac

data

ssp7mu.bmp

5ba990ad747c2c92d1c42a09b496fa4e

PC bitmap, Windows 3.x format, 117 x 197 x 24, image size 69346, resolution 2834 x 2834 px/m, cbSize 69400, bits offset 54

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip	89.41.180.203	200 OK	4.9 MB
URL User Request GET HTTP/1.1 dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip IP 89.41.180.203:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectdr-dl-4.xyz FingerprintB5:BA:48:A9:8B:9D:7B:22:B6:1C:D2:D5:0E:56:7D:EB:CA:6E:4C:54 ValidityMon, 12 Feb 2024 17:40:37 GMT - Sun, 12 May 2024 17:40:36 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 4.9 MB (4892803 bytes) Hash 45482b3e44b45b1c1f7332155a401eac 71ecb70fbc0aea77768ec31b65b545f0ef79c933 8d5f6de0ff88acab0e0e32ae62f85a4c0d2c1f5244c69ced657764ac612061a5 HTTP Headers `GET /drv/old/NTx64-Laser-ML-1660-drp.zip HTTP/1.1 Host: dr-dl-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Thu, 28 Mar 2024 16:48:54 GMT Content-Type: application/zip Content-Length: 4892803 Last-Modified: Sun, 24 Mar 2024 01:40:51 GMT Connection: keep-alive ETag: "65ff84a3-4aa883" Accept-Ranges: bytes`

dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip

89.41.180.203

200 OK

4.9 MB

URL User Request GET HTTP/1.1
dr-dl-4.xyz/drv/old/NTx64-Laser-ML-1660-drp.zip
IP
89.41.180.203:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectdr-dl-4.xyz
FingerprintB5:BA:48:A9:8B:9D:7B:22:B6:1C:D2:D5:0E:56:7D:EB:CA:6E:4C:54
ValidityMon, 12 Feb 2024 17:40:37 GMT - Sun, 12 May 2024 17:40:36 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.9 MB (4892803 bytes)
Hash
45482b3e44b45b1c1f7332155a401eac
71ecb70fbc0aea77768ec31b65b545f0ef79c933
8d5f6de0ff88acab0e0e32ae62f85a4c0d2c1f5244c69ced657764ac612061a5

HTTP Headers

GET /drv/old/NTx64-Laser-ML-1660-drp.zip HTTP/1.1
Host: dr-dl-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Thu, 28 Mar 2024 16:48:54 GMT
Content-Type: application/zip
Content-Length: 4892803
Last-Modified: Sun, 24 Mar 2024 01:40:51 GMT
Connection: keep-alive
ETag: "65ff84a3-4aa883"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (80)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers