Report - dl-dr-4.xyz/drv/common/Logitech_QuickCam_for_Notebooks_Deluxe

Report Overview

Submitted URL
dl-dr-4.xyz/drv/common/Logitech_QuickCam_for_Notebooks_Deluxe_IM2007.zip
IP
89.41.180.201
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-17 05:49:14
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl-dr-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-14	526 B	1.3 MB	89.41.180.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	dl-dr-4.xyz	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
dl-dr-4.xyz/drv/common/Logitech_QuickCam_for_Notebooks_Deluxe_IM2007.zip
IP
89.41.180.201
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.3 MB (1324740 bytes)
Hash
e192f13a44c7e0ddc511e328a0f1bdf6
483d20d58832375f53b482532c0d5b46762417ae
ca1982a6073e24fb9f91cd092112502a8a061e7835fe419bca4a15172a9ea87c

Archive (17)

Filename

Md5

File type

LV302V32.SYS

3f96dcd4ac98c8e0d3c03c24fd49a2fe

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

LVUI2.dll

684d00458b9ba1bd1791941b93bd764d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

18f9a0ce4177871de1abcea412b95b77

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVUSBSta.sys

caef4c05ba2c1acad4ebcaa4261cd55d

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

Repository.reg

0a69602562bdc17cd88c6cd75986004f

Windows Registry little-endian text (Win2K or above)

WUApp32.exe

de09078c2d88f7dc0afa68a096af1d83

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

lv302af.sys

c5d5ea6a29523e0f6016741e9851c6db

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvPEPIc.cat

2a49505a2849ea3ffe7e9e6cd5dcc013

DER Encoded PKCS#7 Signed Data

lvPEPIc.inf

1257c65afb564c5ee99b7c3d78ec7f96

Windows setup INFormation

lvPEPIs.cat

ee08ea2ec4ea414fcfbac01a8afcc78c

DER Encoded PKCS#7 Signed Data

lvPEPIs.inf

7c4d0431c1d6bf05ef833a5cbe972862

Windows setup INFormation

lvPEPIv.cat

d238a788e27f9d7614ad06f2ce96e284

DER Encoded PKCS#7 Signed Data

lvPEPIv.inf

9c53f3fea8d62b042aabb2c4f6c1b840

Windows setup INFormation

lvWIAext.dll

da6f8c876d63dee0d049df1dbc0c947b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcodec2.dll

be6d1ef65b6ee4bc20a754ba2e82fe11

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.dll

a556abb7eba2cc565669764f32955f09

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.ini

6a0f93cdbc34321bb0aded2d427f04da

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

dl-dr-4.xyz/drv/common/Logitech_QuickCam_for_Notebooks_Deluxe_IM2007.zip

89.41.180.201

200 OK

1.3 MB

URL User Request GET HTTP/1.1
dl-dr-4.xyz/drv/common/Logitech_QuickCam_for_Notebooks_Deluxe_IM2007.zip
IP
89.41.180.201:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectdl-dr-4.xyz
Fingerprint53:DD:DB:48:8D:08:FB:F2:91:BC:7E:7F:53:67:F2:0A:7A:45:32:C1
ValidityMon, 12 Feb 2024 17:40:09 GMT - Sun, 12 May 2024 17:40:08 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.3 MB (1324740 bytes)
Hash
e192f13a44c7e0ddc511e328a0f1bdf6
483d20d58832375f53b482532c0d5b46762417ae
ca1982a6073e24fb9f91cd092112502a8a061e7835fe419bca4a15172a9ea87c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /drv/common/Logitech_QuickCam_for_Notebooks_Deluxe_IM2007.zip HTTP/1.1
Host: dl-dr-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Wed, 17 Apr 2024 05:48:47 GMT
Content-Type: application/zip
Content-Length: 1324740
Last-Modified: Thu, 27 Oct 2022 00:56:37 GMT
Connection: keep-alive
ETag: "6359d745-1436c4"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (17)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers