Report - veagle.fr/downloads/weathget_update

Report Overview

Submitted URL
veagle.fr/downloads/weathget_update_latest.zip
IP
82.66.55.238
ASN
#12322 Free SAS
Submitted
2024-04-26 18:43:02
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
veagle.fr	unknown	2022-09-15	2022-09-16	2023-08-21	500 B	15 MB	82.66.55.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
veagle.fr/downloads/weathget_update_latest.zip
IP
82.66.55.238
ASN
#12322 Free SAS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15432280 bytes)
Hash
4737a8a10744d21a2b0f47864f851531
8738184f64b258fdf466bf16d9bcb601cb4a199c
0984a8257f98d0a810aadab6e02eaa5979173db265b3835f5a3c5a4cfcb2472c

Archive (43)

Filename

Md5

File type

airports.sqlite3

51a13bca318392f9adbcc2ed35e1775e

SQLite 3.x database, last written using SQLite version 3037000, file counter 4214, database pages 90, cookie 0x1, schema 4, UTF-8, version-valid-for 4214

favorites.txt

5f43769b97e6ea2ca5c888d8c3903d75

ASCII text, with CRLF line terminators

qgif.dll

679924dd7caee80cf0d29de8640a119e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qicns.dll

c065018c70831fa5cd92abcba0c2ac26

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qico.dll

8aa57f5118a4723549e5c891e0f757ba

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qjpeg.dll

52f9f4b621eac98f670a19f6d362b31b

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qsvg.dll

1e994674bbdec27fa63c4f9984b2b7c7

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qtga.dll

97cbaacd75ef91495ad63cc1007ba9be

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qtiff.dll

97d98286d2cc07a1ff24c4d7891e5698

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qwbmp.dll

4fbf1578c24bc6c59f8b0448f436cdfb

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qwebp.dll

ea860d2505c3dc2d6dbc9959d5a03762

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

bkn.png

f4a6fd3df33dcb3e6e465f170fee0fdb

PNG image data, 44 x 28, 8-bit colormap, non-interlaced

few.png

62ccfdd9dd781caae1d6740e616b6cbf

PNG image data, 44 x 28, 8-bit colormap, non-interlaced

ovc.png

3c4f42cf726bb5cb7aa110f80ee969b5

PNG image data, 44 x 28, 8-bit colormap, non-interlaced

sct.png

912ba34b41cf9a95cf8dc72da67ce893

PNG image data, 44 x 28, 8-bit colormap, non-interlaced

skc.png

b4a3e4c811c0ad8a170822766a541e81

PNG image data, 44 x 28, 8-bit colormap, non-interlaced

icon.ico

38b1175c29307e9d3d7f4a643eb3cc45

MS Windows icon resource - 1 icon, 124x124, 32 bits/pixel

icon.png

9d5d3971aeb1032c5cdadae72bb5b090

PNG image data, 124 x 124, 8-bit colormap, non-interlaced

icon.rc

c40156ab08f00a65a345807d95af5b39

ASCII text, with no line terminators

image0.png

a46c28ebded61fcd62c9decefb0a6872

PNG image data, 272 x 362, 8-bit/color RGBA, non-interlaced

image1.png

4fc88ab3b515608e468d21ded55fb044

PNG image data, 272 x 362, 8-bit/color RGBA, non-interlaced

libgcc_s_seh-1.dll

a839c13c8fcd337a056d62a005a6aee7

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

libstdc++-6.dll

44f0f8c88e813509aa1eecd3acdbe261

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

libwinpthread-1.dll

11e800f423c7fcc83afcf43ba30b3784

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

qwindows.dll

00dee2f8d78b610dad73fc9ca8df8004

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

Qt6Core.dll

35ada1d2b8a8fecd2071372e3ba6b899

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

Qt6Gui.dll

c8927d10a074f23b83c8291dd6c33919

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

Qt6Network.dll

6307b635673ed329b7cbca8a3939be37

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

Qt6Sql.dll

277123a9739ad2743181a5f9698cb2bc

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

Qt6Svg.dll

31690b683046f9f6a05d5dffb8deda1e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

Qt6Widgets.dll

7fdf004c8f13d68d14972081f6abff40

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

qsqlite.dll

bc0c0b220225f12611b78ce00577b9c6

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qsqlmysql.dll

c70319714c84d26e262da4684706e3d5

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 14 sections

qsqlodbc.dll

ae5ffcc8c582fe23d21a0d8067a0be4f

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 13 sections

qsqlpsql.dll

3695a7fc41398280bad9d67185b14054

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 13 sections

qwindowsvistastyle.dll

de0afaab9d9a8897133ab885f5e8fc05

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qcertonlybackend.dll

b5c38d06e842b79d0cace13a09e12ff1

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qopensslbackend.dll

4cb4e4496a99777f6ddc2d9485fc2d46

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

qschannelbackend.dll

2571b5c76929661127d53386cf4f3370

PE32+ executable (DLL) (console) x86-64, for MS Windows, 15 sections

version.txt

d0e5f27655754425719bae64b4186dce

ASCII text, with no line terminators

wget.exe

110cb537820e636f68063b52240d76e1

PE32 executable (console) Intel 80386, for MS Windows, 11 sections

Update.bat

4c5490af5a8e5e6597b4d96d41d22096

DOS batch file, ASCII text, with CRLF line terminators

WeathGet.exe

cbf0858a93e0b9794ca9613848ccd869

PE32+ executable (GUI) x86-64, for MS Windows, 20 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	veagle.fr/downloads/weathget_update_latest.zip	82.66.55.238	200 OK	15 MB
URL User Request GET HTTP/1.1 veagle.fr/downloads/weathget_update_latest.zip IP 82.66.55.238:443 ASN #12322 Free SAS Certificate IssuerLet's Encrypt Subjectveagle.fr Fingerprint75:31:38:97:A4:E6:98:BC:F6:DA:78:5F:FA:81:5C:5D:8B:08:CC:A8 ValidityFri, 26 Apr 2024 16:14:24 GMT - Thu, 25 Jul 2024 16:14:23 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 15 MB (15432280 bytes) Hash 4737a8a10744d21a2b0f47864f851531 8738184f64b258fdf466bf16d9bcb601cb4a199c 0984a8257f98d0a810aadab6e02eaa5979173db265b3835f5a3c5a4cfcb2472c HTTP Headers `GET /downloads/weathget_update_latest.zip HTTP/1.1 Host: veagle.fr User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 18:42:27 GMT Server: Apache/2.4.58 (Debian) X-Frame-Options: DENY Content-Security-Policy: default-src 'self' 'unsafe-inline' https://acabou.veagle.fr; X-Content-Type-Options: nosniff Access-Control-Allow-Origin: https://acabou.veagle.fr Accept-Ranges: bytes Cache-Control: public, max-age=0 Last-Modified: Tue, 24 Oct 2023 23:31:43 GMT ETag: W/"eb7a58-18b64079fa6" Content-Type: application/zip Content-Length: 15432280 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive

veagle.fr/downloads/weathget_update_latest.zip

82.66.55.238

200 OK

15 MB

URL User Request GET HTTP/1.1
veagle.fr/downloads/weathget_update_latest.zip
IP
82.66.55.238:443
ASN
#12322 Free SAS

Certificate
IssuerLet's Encrypt
Subjectveagle.fr
Fingerprint75:31:38:97:A4:E6:98:BC:F6:DA:78:5F:FA:81:5C:5D:8B:08:CC:A8
ValidityFri, 26 Apr 2024 16:14:24 GMT - Thu, 25 Jul 2024 16:14:23 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15432280 bytes)
Hash
4737a8a10744d21a2b0f47864f851531
8738184f64b258fdf466bf16d9bcb601cb4a199c
0984a8257f98d0a810aadab6e02eaa5979173db265b3835f5a3c5a4cfcb2472c

HTTP Headers

GET /downloads/weathget_update_latest.zip HTTP/1.1
Host: veagle.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 18:42:27 GMT
Server: Apache/2.4.58 (Debian)
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' 'unsafe-inline' https://acabou.veagle.fr;
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: https://acabou.veagle.fr
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 24 Oct 2023 23:31:43 GMT
ETag: W/"eb7a58-18b64079fa6"
Content-Type: application/zip
Content-Length: 15432280
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (43)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers