Report - gearelectric.com/Drivers/Lectores/Eseek.zip

Report Overview

Submitted URL
gearelectric.com/Drivers/Lectores/Eseek.zip
IP
104.26.13.80
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 12:21:00
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gearelectric.com	unknown	2009-04-16	2016-03-24	2024-03-23	497 B	6.8 MB	172.67.74.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gearelectric.com/Drivers/Lectores/Eseek.zip
IP
172.67.74.37
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
6.8 MB (6836295 bytes)
Hash
84976c62ecd7d0a240453bec9b5888d9
23f8003627d24cedb77c615708dde6d47c67b807
273698071efd4615157d9c668191b8b3842e4df0756eb927ab0f1804dfbee27c

Archive (51)

Filename

Md5

File type

ftbusui.dll

f26a5992bb85f44f8549316d3c06c471

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftcserco.dll

b73f39179dbfd876d334f311d2ada3b7

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.lib

9734b823f8d5288e86f64909ba6c0345

current ar archive

ftd2xx64.dll

3522b23c7f3601dc9c0c40a44161d319

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftdibus.sys

ed07200cff78facfb66ebb0b89f503a4

PE32+ executable (native) x86-64, for MS Windows, 8 sections

ftlang.dll

d01615d10a747cb2b9e27383e0ac922d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftser2k.sys

9980e7584484a009e77e9bfa14c0c18a

PE32+ executable (native) x86-64, for MS Windows, 9 sections

ftserui2.dll

091f948b0dabedb5a09a07f0c943a75a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftbusui.dll

d7d7bcaa10ba26ff5eb321f7a4dcd896

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftcserco.dll

487faf37fb02576985cb9eca08a02a36

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

ftd2xx.dll

0733bb807c9b5595da9ae67ac36b207e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

eaf4bfdae903fbc992e60c9c99ca6a30

current ar archive

ftdibus.sys

8142d5d886829b9876cb93af59475c09

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftlang.dll

5de30774f10ae3f899d2ed25991c8243

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftser2k.sys

63d72a4cf9f163b59db0ceed940a7d76

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

ftserui2.dll

f5727d21c6dc2b7e6727a03ac8145662

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

5f42bcbbca71ad1eda5367e995f792e7

current ar archive

ftd2xx.lib

045aa6057a9ba146e2034daa27a23821

current ar archive

ftd2xx.h

a2caf2d07e8780f4efc0d1108f85f935

C source, ISO-8859 text, with CRLF line terminators

ftdibus.cat

45bf636c63a43e79ad1c64942825cfff

DER Encoded PKCS#7 Signed Data

ftdibus.inf

db6fbc0900f8934c8cc189ef397108e9

Windows setup INFormation

ftdiport.cat

63b4ea9a2afe95f6f5c298f4d2e7db66

DER Encoded PKCS#7 Signed Data

ftdiport.inf

d3110e629179976cd3f8c70c1bc03ef8

Windows setup INFormation

ftbusui.dll

d5db6c652610096c0914a7ddcf3c47ad

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftcserco.dll

41b3a096ae7a9e5c0911c3d3395acb6a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftd2xx.lib

09679c5fea9ed95296f1352870b7636f

current ar archive

ftd2xx64.dll

c9a65f15b64199bda63654cc7038aad4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftdibus.sys

281a153b01d414f894506026c08a6adb

PE32+ executable (native) x86-64, for MS Windows, 8 sections

ftlang.dll

ace9f364b1a8a15e96ee7d638d32b522

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ftser2k.sys

cc4801e9eeeeff877229db0796cdf5a6

PE32+ executable (native) x86-64, for MS Windows, 9 sections

ftserui2.dll

10307791e5266d453341e1e8c3994a57

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

ftbusui.dll

491cb58d70fa2570c8fdbd0f0d320819

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftcserco.dll

52e3d4cb0a6175e4eed7640eec81e930

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

ftd2xx.dll

8d0c321d548678921926a72a109c108e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

08c5145b73931dd34dd7fca3a90122d0

current ar archive

ftdibus.sys

f8c2888b12253d8390c94887ffb699f2

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ftlang.dll

e2d7ffef02dd5b15961af5f46026de4c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ftser2k.sys

f0ca4e7bc5af32080069c2df83ba6690

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

ftserui2.dll

2eb996fe60c05769d573889b59521852

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ftd2xx.lib

ac86ce528ddda5172e719d13fd940252

current ar archive

ftd2xx.lib

7803c4f5f3e322d768a635cf3eaf9bbc

current ar archive

ftd2xx.h

c4b007c136bda74976704806d36feae3

C source, ASCII text, with CRLF line terminators

ftdibus.cat

c1e337fd06e8c44eb434e4a6f547fd85

DER Encoded PKCS#7 Signed Data

ftdibus.inf

133ada53d16e51b0b7661d478573625c

Windows setup INFormation

ftdiport.cat

71f072a5592448e05097163b21957ec9

DER Encoded PKCS#7 Signed Data

ftdiport.inf

e19e870d7e97b0429b0b9a0ddf666788

Windows setup INFormation

Cable_Inst_Win2000.pdf

dc1db61d6c43e2673322fa6acea96ce8

PDF document, version 1.2, 6 pages

autorun.inf

c14c468795575bce73d84989262479b4

Microsoft Windows Autorun file

setup.exe

ca4d56abba85c97023f2e236dc82c4aa

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

SETUP.LST

55e5e940f836829ef7fcd477d5fc99f5

Generic INItialization configuration [Bootstrap Files]

SPS1.CAB

d7fc224d91764de24b79021d043e1765

Microsoft Cabinet archive data, many, 3030485 bytes, 22 files, at 0x1830 last modified Sun, Dec 30 2003 15:44:34 +A "SPS1.exe" last modified Sun, Jun 19 2003 11:05:04 +A "MSVBVM60.DLL", flags 0x4, ID 20342, number 1, extra bytes 6144 in head, 202 datablocks, 0x1 compression

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	gearelectric.com/Drivers/Lectores/Eseek.zip	172.67.74.37	200 OK	6.8 MB
URL User Request GET HTTP/2 gearelectric.com/Drivers/Lectores/Eseek.zip IP 172.67.74.37:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectgearelectric.com Fingerprint76:F7:17:DD:B5:DB:E8:44:23:B2:A6:63:DD:5C:FE:54:3A:5A:CA:78 ValiditySat, 23 Mar 2024 05:04:43 GMT - Fri, 21 Jun 2024 05:04:42 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 6.8 MB (6836295 bytes) Hash 84976c62ecd7d0a240453bec9b5888d9 23f8003627d24cedb77c615708dde6d47c67b807 273698071efd4615157d9c668191b8b3842e4df0756eb927ab0f1804dfbee27c HTTP Headers `GET /Drivers/Lectores/Eseek.zip HTTP/1.1 Host: gearelectric.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 24 Apr 2024 12:20:33 GMT content-type: application/zip content-length: 6836295 last-modified: Thu, 27 Jul 2017 23:42:40 GMT etag: "685047-555551ebf7c00" cache-control: max-age=1800 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R2u62IqdsseVo0wa1IKW%2BCywPfCoQxFNMStP8MvY%2F5RJH%2BPunkQKmhLtQpBZV8qkq4%2FzFlQM18LwENFp3y7F%2BKbNYWcV3G5AyOm9AfILFnoyYNE6GltoQQVPra1WSYT4obY%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 87960c45dbb9568b-OSL X-Firefox-Spdy: h2

gearelectric.com/Drivers/Lectores/Eseek.zip

172.67.74.37

200 OK

6.8 MB

URL User Request GET HTTP/2
gearelectric.com/Drivers/Lectores/Eseek.zip
IP
172.67.74.37:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectgearelectric.com
Fingerprint76:F7:17:DD:B5:DB:E8:44:23:B2:A6:63:DD:5C:FE:54:3A:5A:CA:78
ValiditySat, 23 Mar 2024 05:04:43 GMT - Fri, 21 Jun 2024 05:04:42 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
6.8 MB (6836295 bytes)
Hash
84976c62ecd7d0a240453bec9b5888d9
23f8003627d24cedb77c615708dde6d47c67b807
273698071efd4615157d9c668191b8b3842e4df0756eb927ab0f1804dfbee27c

HTTP Headers

GET /Drivers/Lectores/Eseek.zip HTTP/1.1
Host: gearelectric.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 12:20:33 GMT
content-type: application/zip
content-length: 6836295
last-modified: Thu, 27 Jul 2017 23:42:40 GMT
etag: "685047-555551ebf7c00"
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R2u62IqdsseVo0wa1IKW%2BCywPfCoQxFNMStP8MvY%2F5RJH%2BPunkQKmhLtQpBZV8qkq4%2FzFlQM18LwENFp3y7F%2BKbNYWcV3G5AyOm9AfILFnoyYNE6GltoQQVPra1WSYT4obY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87960c45dbb9568b-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (51)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers