Report - cdn.discordapp.com/attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 01:56:28
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-03	627 B	5.2 MB	162.159.129.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.2 MB (5247209 bytes)
Hash
76b8f934727d1cb04d5118003f54caec
b669a8d26768e881adb6b62d41b5d26706bf7306
9bc395e8d917a78e8fcd7ae9c15809adc88ec2d94ae9653c83d71b73130bb270

Archive (30)

Filename

Md5

File type

........exe

c0c619de03e340dde39c277a2f07f064

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

api-ms-win-crt-convert-l1-1-0.dll

0485c463cd8d2ae1cbd42df6f0591246

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-filesystem-l1-1-0.dll

1193f810519fbc07beb3ffbad3247fc4

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-heap-l1-1-0.dll

a22f9a4cbd701209842b204895fedf37

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-locale-l1-1-0.dll

ba17b278fff2c18e34e47562ddde8166

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-math-l1-1-0.dll

c4cac2d609bb5e0da9017ebb535634ce

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-runtime-l1-1-0.dll

894e538fbd29d9af2dac82abbb798aa8

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-stdio-l1-1-0.dll

5df2410c0afd30c9a11de50de4798089

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-string-l1-1-0.dll

aacade02d7aaf6b5eff26a0e3a11c42d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

Bunifu_UI_v1.52.dll

5eca94d909f1ba4c5f3e35ac65a49076

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FastColoredTextBox.dll

8610f4d3cdc6cc50022feddced9fdaeb

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

krnlss.exe.config

4e52057cb69568eabd73c2de2fd730d2

XML 1.0 document, ASCII text, with CRLF line terminators

krnlss.pdb

7bb9ce7d2fa3272c2c2d4a25182c91f5

MSVC program database ver 7.00, 512*127 bytes

libcurl.dll

e31f5136d91bad0fcbce053aac798a30

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Microsoft.Web.WebView2.Core.dll

851fee9a41856b588847cf8272645f58

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.WinForms.dll

4cf94ffa50fd9bdc0bb93cceaede0629

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll

34ec990ed346ec6a4f14841b12280c20

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

msvcp140.dll

7b92a6cb5d2cad407c457ab12d2b211d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

Newtonsoft.Json.dll

195ffb7167db3219b217c4fd439eedd6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

README.txt

66ca41dbf84816b6199b489d0517db9f

ASCII text, with no line terminators

Siticone.UI.dll

750c58af2e56b6addecffcf152520ab8

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Solara.dll

901c7a2b9a298ca8e012077b3863845b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

sxlib.dll

354da04946a3d1ec07dbf8d5e242cf65

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

sxlib.xml

f5165aa4f945d70a8a13b89744208c8d

XML 1.0 document, ASCII text, with CRLF line terminators

vcruntime140.dll

7a2b8cfcd543f6e4ebca43162b67d610

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

WebView2Loader.dll

7bf24896b80f336c1d16b488f89fef34

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Wpf.Ui.dll

aead90ab96e2853f59be27c4ec1e4853

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ws2_32.dll

f1fafc04216614ec5c7b8c6a82394dfd

PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

Zenvix.lnk

6c25e1836c7e94a0263887f0bd9b8268

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat May 4 14:34:50 2024, mtime=Sat May 4 16:36:58 2024, atime=Sat May 4 15:42:11 2024, length=520192, window=hide

zlib1.dll

75365924730b0b2c1a6ee9028ef07685

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
VirusTotal	suspicious	VirusTotal - Scan result 5/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb&

162.159.129.233

200 OK

5.2 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.2 MB (5247209 bytes)
Hash
76b8f934727d1cb04d5118003f54caec
b669a8d26768e881adb6b62d41b5d26706bf7306
9bc395e8d917a78e8fcd7ae9c15809adc88ec2d94ae9653c83d71b73130bb270

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/67

HTTP Headers

GET /attachments/1236287126266708041/1236358576445067284/Zevix.zip?ex=6637b827&is=663666a7&hm=0a88fe11476c0aa438a4ef5a49ea5b780101db93bd7f116c8ca7842c8ad4d2fb& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 01:55:59 GMT
content-type: application/zip
content-length: 5247209
cf-ray: 87ed1c8629b8569b-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Zevix.zip"
etag: "76b8f934727d1cb04d5118003f54caec"
expires: Mon, 05 May 2025 01:55:59 GMT
last-modified: Sat, 04 May 2024 16:47:35 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714841255117422
x-goog-hash: crc32c=ixupFw==, md5=drj5NHJ9HLBNURgAP1TK7A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5247209
x-guploader-uploadid: ABPtcPr0l9IQJvnCe07trIxwEGaw9x5079W-DdYa9XAJFHMTCYaHHEo-U6wf2lIwW3H_wJwdEKc
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHjKokQEqCFzeAJDCPz3w1yB5iWmN06vlnw7nKQApxrb7rk34Nw68MAuUz9p6xDaTNaXqvuPIWzXONs1sQXb9SrlyhOD4NiNTPs1O5DBjT%2BHY7Bpt9xGm1SJnKZlSB33FMvroA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=1vMC8ZfGrFyGYrTtP_Qs9slAE0oq.RnEJCkGrK1WLN0-1714874159-1.0.1.1-XA7QPaFY1ZKIao2l10SlYf7xdRjnNzDeDHa8ug9JhOEbaVWv8813TrhT_uiC36F_LPIHasjA2TEvGxu1OM7xuw; path=/; expires=Sun, 05-May-24 02:25:59 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=FDhOiZtJuh1EXh3XS1Ntgb7dUJtqBNAI1axvN7KN9b8-1714874159105-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (30)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers