Report - rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release

Report Overview

Submitted URL
rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip
IP
130.117.53.35
ASN
#174 COGENT-174
Submitted
2024-04-19 17:38:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rm-downloads.logicnow.com	197058	2004-01-15	2016-06-24	2024-04-19	541 B	14 MB	154.49.70.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip
IP
154.49.70.16
ASN
#174 COGENT-174

File type
Zip archive data, at least v1.0 to extract, compression method=deflate
Size
14 MB (13540555 bytes)
Hash
ddb98d3e0bf7ff1d68b79e654a8a4536
3d54ba5cc089a1494395a33a03785387c7411ed5
da2d2dd57b4871ec113a40a9bf1dd3ba20213751e617ef1e762e1b8bbb8d87d1

Archive (18)

Filename

Md5

File type

AV.dll

630b70e6bf116de711e6cdc065af0707

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

FMPluginCore.dll

41363ea1e7f7ec95c221dbce95d796be

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

Qt5Core.dll

1ea85baff94060443721f5c35c19e813

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Qt5Network.dll

57a9c5f9dfdc9c5b62e6354aecd00a34

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Qt5Qml.dll

6f197aebe963a8ba04d7e5ee306d5137

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ScriptLauncher.js

f6e1b4ef07fecd793b3e6fab62efe486

ASCII text, with CRLF line terminators

backup.dll

ba1711bb52dab6e6ef727550d62487ad

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

checkapi.dll

842f438bd6dc8b3051e03adcddf1fa6d

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

externalapi.dll

48fda3889d7fa838c669aefd8040dc91

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

fmplugin.exe

39540124bcb7f523630b9651052a3fed

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

legacy.dll

d24b2bb63d7d9f81e73c171d13cfddfa

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

libeay32.dll

948d815450da018a550175a188ae3119

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

libssl32.dll

c917e76dff703f3029d3b6fc3d105bad

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

logger.dll

52ca0f6a09776fba3601253acb1a2248

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

network.dll

a9771abc501dfe3383dbfbf2cd2309b3

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

performance.dll

a7fd424a36982007b32af0a2d0e63b98

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

ssleay32.dll

c917e76dff703f3029d3b6fc3d105bad

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

vcredist_x86.exe

6a3a1760342ea699d5e6df1f2a1c7707

PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip	154.49.70.16	200 OK	14 MB
URL User Request GET HTTP/1.1 rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip IP 154.49.70.16:443 ASN #174 COGENT-174 Certificate IssuerLet's Encrypt Subjectrm-downloads.logicnow.com FingerprintAB:94:D3:53:4D:1A:1D:DF:85:B6:69:8B:C7:02:DD:35:61:7B:CA:D7 ValidityThu, 07 Mar 2024 14:02:10 GMT - Wed, 05 Jun 2024 14:02:09 GMT File type Zip archive data, at least v1.0 to extract, compression method=deflate Size 14 MB (13540555 bytes) Hash ddb98d3e0bf7ff1d68b79e654a8a4536 3d54ba5cc089a1494395a33a03785387c7411ed5 da2d2dd57b4871ec113a40a9bf1dd3ba20213751e617ef1e762e1b8bbb8d87d1 HTTP Headers GET /fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip HTTP/1.1 Host: rm-downloads.logicnow.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 17:38:25 GMT Content-Type: application/zip Content-Length: 13540555 Connection: keep-alive Last-Modified: Wed, 28 Feb 2024 14:08:48 GMT ETag: "13e1baa97ef0f9024aad5c984c3cd41c-2" Server: n-able-nginx X-Served-by: p-uk-lon-cdn-web-01 Expires: Fri, 19 Apr 2024 18:38:25 GMT Cache-Control: max-age=3600 X-Cached: HIT Accept-Ranges: bytes`

rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip

154.49.70.16

200 OK

14 MB

URL User Request GET HTTP/1.1
rm-downloads.logicnow.com/fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip
IP
154.49.70.16:443
ASN
#174 COGENT-174

Certificate
IssuerLet's Encrypt
Subjectrm-downloads.logicnow.com
FingerprintAB:94:D3:53:4D:1A:1D:DF:85:B6:69:8B:C7:02:DD:35:61:7B:CA:D7
ValidityThu, 07 Mar 2024 14:02:10 GMT - Wed, 05 Jun 2024 14:02:09 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=deflate
Size
14 MB (13540555 bytes)
Hash
ddb98d3e0bf7ff1d68b79e654a8a4536
3d54ba5cc089a1494395a33a03785387c7411ed5
da2d2dd57b4871ec113a40a9bf1dd3ba20213751e617ef1e762e1b8bbb8d87d1

HTTP Headers

GET /fmplugin_binaries/fmplugin_core-release_1.5.51-2055f4be-2.zip HTTP/1.1
Host: rm-downloads.logicnow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 17:38:25 GMT
Content-Type: application/zip
Content-Length: 13540555
Connection: keep-alive
Last-Modified: Wed, 28 Feb 2024 14:08:48 GMT
ETag: "13e1baa97ef0f9024aad5c984c3cd41c-2"
Server: n-able-nginx
X-Served-by: p-uk-lon-cdn-web-01
Expires: Fri, 19 Apr 2024 18:38:25 GMT
Cache-Control: max-age=3600
X-Cached: HIT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (18)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers