Report - www.xyplorer.com/download/xyplorer_full_noinstall.zip

Report Overview

Submitted URL
www.xyplorer.com/download/xyplorer_full_noinstall.zip
IP
5.35.226.108
ASN
#20773 Host Europe GmbH
Submitted
2024-03-28 14:48:37
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22	2024-03-28	334 B	2.7 kB	192.124.249.24
www.xyplorer.com	unknown	2005-11-25	2014-01-15	2024-03-27	507 B	7.6 MB	5.35.226.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.xyplorer.com/download/xyplorer_full_noinstall.zip
IP
5.35.226.108
ASN
#20773 Host Europe GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.6 MB (7618053 bytes)
Hash
5c704ee87e41987daa241c44b1959f6b
fde3700b3fdef7a9cff2689d27bf85fb0b6bf400
297efeca9e16097c8ab5dec4e3d5a435ea7081533dd0215e4873cb0e67220a5e

Archive (15)

Filename

Md5

File type

CatalogDefault.dat

32347ea582d16f46c661b69620ec9412

data

LicenseXY.txt

b2c57bbadebe138f1df8b3402ff6d614

ASCII text, with very long lines (649), with CRLF line terminators

ReadmeXY.txt

0c2b4543bb15c1a2e16d31c4bbc66ad8

ASCII text, with CRLF, LF line terminators

XY64.exe

5070e9dd3b66cbcfc22b5a84cf2fd0bb

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

XY64contents.exe

6f59936a9a8a389d360473f2fad7fd89

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 3 sections

XY64ctxmenu.exe

fe0743cc303d677aa0b9e57173b15e68

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 3 sections

XYcopy.exe

a9e5a5fb2e725f713c9f0bc2ae593b1e

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

XYicon_FolderDenied.ico

9bb57041aa193ac42335b8527dda1550

MS Windows icon resource - 8 icons, 256x256, 32 bits/pixel, 64x64, 32 bits/pixel

XYicon_FolderEmpty.ico

1076970501aeaa8613f9d68431bdd643

MS Windows icon resource - 8 icons, 256x256, 32 bits/pixel, 64x64, 32 bits/pixel

XYicon_FolderGeneric.ico

f3a52c02f649b39454968c78bdbbfc87

MS Windows icon resource - 8 icons, 256x256, 32 bits/pixel, 64x64, 32 bits/pixel

XYicon_FolderGray.ico

a1b5bc4323dfe3c35d309f70f76d6941

MS Windows icon resource - 8 icons, 256x256, 32 bits/pixel, 64x64, 32 bits/pixel

XYicon_FolderGreen.ico

432485e775bee34d8ec2dd4262d1fff7

MS Windows icon resource - 8 icons, 256x256, 32 bits/pixel, 64x64, 32 bits/pixel

XYplorer Website.url

575a53e2fb988f8d3607a7a6289a366d

MS Windows 95 Internet shortcut text (URL=<https://www.xyplorer.com>), ASCII text, with CRLF line terminators

XYplorer.chm

d521d05e01444effe92e7a15390b4c06

MS Windows HtmlHelp Data

XYplorer.exe

08c30fd5a4fad4216f75d25f064cd4f6

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	ocsp.starfieldtech.com/	192.124.249.24		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.24:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 936cd4f718355e29cc8a324ec4db3b0b 9a9d3e0f7f7957441a62b034071e6e9044ae6299 f528cacf1fdc9fd5438896d080e4cfe670f3c0677e2dbc6c696d13b2c8dd3850 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 28 Mar 2024 14:48:08 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 19024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 28 Mar 2024 01:44:50 GMT Expires: Fri, 29 Mar 2024 01:44:50 GMT ETag: "9a9d3e0f7f7957441a62b034071e6e9044ae6299" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.xyplorer.com/download/xyplorer_full_noinstall.zip	5.35.226.108	200 OK	7.6 MB
URL User Request GET HTTP/1.1 www.xyplorer.com/download/xyplorer_full_noinstall.zip IP 5.35.226.108:443 ASN #20773 Host Europe GmbH Certificate IssuerStarfield Technologies, Inc. Subjectwww.xyplorer.com Fingerprint90:06:18:83:C7:FC:A2:55:72:AB:25:1C:53:4C:14:65:E4:B0:44:39 ValidityWed, 31 May 2023 12:50:14 GMT - Sun, 30 Jun 2024 12:50:14 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.6 MB (7618053 bytes) Hash 5c704ee87e41987daa241c44b1959f6b fde3700b3fdef7a9cff2689d27bf85fb0b6bf400 297efeca9e16097c8ab5dec4e3d5a435ea7081533dd0215e4873cb0e67220a5e HTTP Headers `GET /download/xyplorer_full_noinstall.zip HTTP/1.1 Host: www.xyplorer.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 14:48:09 GMT Content-Type: application/zip Content-Length: 7618053 Connection: keep-alive Server: Apache Last-Modified: Fri, 22 Mar 2024 20:28:01 GMT ETag: "743e05-61445a90c7e0d" Accept-Ranges: bytes`