Report - tk-chel.ru/download/AutoGRAPH_DRIVER_NO

Report Overview

Submitted URL
tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip
IP
91.225.124.26
ASN
#202800 TechnoKom Ltd
Submitted
2024-03-28 07:52:51
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tk-chel.ru	unknown	2005-01-19	2013-06-07	2024-03-28	507 B	1.2 MB	91.225.124.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip
IP
91.225.124.26
ASN
#202800 TechnoKom Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.2 MB (1187668 bytes)
Hash
868b46111c23dc184d411176a22abbba
b90cfe804664537eab5d635a19e5ddaa0bc174ac
5f0571b6cd56e420cd975f46efd28c615287a46fa4b2158a4bc2f0639c2f52f0

Archive (23)

Filename

Md5

File type

ftbusui.dll

d5db6c652610096c0914a7ddcf3c47ad

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftcserco.dll

41b3a096ae7a9e5c0911c3d3395acb6a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.lib

09679c5fea9ed95296f1352870b7636f

current ar archive

ftd2xx64.dll

c9a65f15b64199bda63654cc7038aad4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftdibus.sys

281a153b01d414f894506026c08a6adb

PE32+ executable (native) x86-64, for MS Windows, 8 sections

ftlang.dll

ace9f364b1a8a15e96ee7d638d32b522

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftser2k.sys

cc4801e9eeeeff877229db0796cdf5a6

PE32+ executable (native) x86-64, for MS Windows, 9 sections

ftserui2.dll

10307791e5266d453341e1e8c3994a57

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.h

c4b007c136bda74976704806d36feae3

C source, ASCII text, with CRLF line terminators

ftdibus.cat

c1e337fd06e8c44eb434e4a6f547fd85

DER Encoded PKCS#7 Signed Data

ftdibus.inf

1d34502f1c18e4b39f5246938a7642b8

Windows setup INFormation

ftdiport.cat

71f072a5592448e05097163b21957ec9

DER Encoded PKCS#7 Signed Data

ftdiport.inf

2633290ae7d29b419fbad80840f7ea8d

Windows setup INFormation

ftbusui.dll

491cb58d70fa2570c8fdbd0f0d320819

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftcserco.dll

52e3d4cb0a6175e4eed7640eec81e930

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

ftd2xx.dll

8d0c321d548678921926a72a109c108e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

08c5145b73931dd34dd7fca3a90122d0

current ar archive

ftdibus.sys

f8c2888b12253d8390c94887ffb699f2

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftlang.dll

e2d7ffef02dd5b15961af5f46026de4c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftser2k.sys

f0ca4e7bc5af32080069c2df83ba6690

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

ftserui2.dll

2eb996fe60c05769d573889b59521852

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

ac86ce528ddda5172e719d13fd940252

current ar archive

ftd2xx.lib

7803c4f5f3e322d768a635cf3eaf9bbc

current ar archive

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip	91.225.124.26	200 OK	1.2 MB
URL User Request GET HTTP/1.1 tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip IP 91.225.124.26:443 ASN #202800 TechnoKom Ltd Certificate IssuerLet's Encrypt Subjecttk-chel.ru FingerprintB6:17:54:77:D6:5F:5E:E7:8F:C2:83:58:CC:75:CF:94:78:FD:01:1D ValidityMon, 26 Feb 2024 07:09:56 GMT - Sun, 26 May 2024 07:09:55 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 1.2 MB (1187668 bytes) Hash 868b46111c23dc184d411176a22abbba b90cfe804664537eab5d635a19e5ddaa0bc174ac 5f0571b6cd56e420cd975f46efd28c615287a46fa4b2158a4bc2f0639c2f52f0 HTTP Headers `GET /download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip HTTP/1.1 Host: tk-chel.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 07:52:25 GMT Server: Apache/2.4.56 (Debian) Last-Modified: Thu, 05 Mar 2020 11:09:31 GMT ETag: "121f54-5a01992412138" Accept-Ranges: bytes Content-Length: 1187668 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip`

tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip

91.225.124.26

200 OK

1.2 MB

URL User Request GET HTTP/1.1
tk-chel.ru/download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip
IP
91.225.124.26:443
ASN
#202800 TechnoKom Ltd

Certificate
IssuerLet's Encrypt
Subjecttk-chel.ru
FingerprintB6:17:54:77:D6:5F:5E:E7:8F:C2:83:58:CC:75:CF:94:78:FD:01:1D
ValidityMon, 26 Feb 2024 07:09:56 GMT - Sun, 26 May 2024 07:09:55 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.2 MB (1187668 bytes)
Hash
868b46111c23dc184d411176a22abbba
b90cfe804664537eab5d635a19e5ddaa0bc174ac
5f0571b6cd56e420cd975f46efd28c615287a46fa4b2158a4bc2f0639c2f52f0

HTTP Headers

GET /download/AutoGRAPH_DRIVER_NO_GPS-MOUSE.zip HTTP/1.1
Host: tk-chel.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 07:52:25 GMT
Server: Apache/2.4.56 (Debian)
Last-Modified: Thu, 05 Mar 2020 11:09:31 GMT
ETag: "121f54-5a01992412138"
Accept-Ranges: bytes
Content-Length: 1187668
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (23)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers