Report - angusj.com/resourcehacker/resource

Report Overview

Submitted URL
angusj.com/resourcehacker/resource_hacker.zip
IP
203.170.87.121
ASN
#38719 Dreamscape Networks Limited
Submitted
2024-05-10 08:27:37
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-05-09	336 B	1.2 kB	172.64.149.23
angusj.com	unknown	2005-06-03	2017-02-12	2024-04-15	499 B	3.4 MB	203.170.87.121

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
angusj.com/resourcehacker/resource_hacker.zip
IP
203.170.87.121
ASN
#38719 Dreamscape Networks Limited

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3360054 bytes)
Hash
b1f79f26558459d1b401ba9ece2e8d66
03aa64a9feb456c615c2507fd513e2aa1d3dd37e
f958db1d239e69051145777de9943b267a3230cc3d140599b48cf024e2c8b3a2

Archive (19)

Filename

Md5

File type

changes.txt

3938d371b34418ef015862fa6366d408

ASCII text, with CRLF line terminators

index.htm

f08a81ca2b1289550410900ba27c5428

HTML document, Non-ISO extended-ASCII text, with very long lines (977), with CRLF line terminators

manual.htm

54b8ae8d24a96fa2409c79bd0a17bbf9

HTML document, ASCII text, with very long lines (695), with CRLF line terminators

rh_binary.png

c22e951d566d4f04c9a05ada367beafe

PNG image data, 791 x 466, 8-bit/color RGBA, non-interlaced

rh_dlg_ctrl.png

1ddee97a31b52af6e8a5e718b5b02c08

PNG image data, 741 x 540, 8-bit/color RGBA, non-interlaced

rh_dlg_edit.png

b6577c2a048e6f9fa588994345a21400

PNG image data, 791 x 514, 8-bit/color RGBA, non-interlaced

rh_icon.png

0513c11177a2ede618d8fc375f9c3767

PNG image data, 720 x 439, 8-bit/color RGBA, non-interlaced

rh_main_menu.png

059b8d9d9210a957341559519c11631d

PNG image data, 803 x 493, 8-bit/color RGBA, non-interlaced

rh_menu2.png

e8c68e4731ab42aa9409038c49d3f6c3

PNG image data, 738 x 400, 8-bit/color RGBA, non-interlaced

rh_mnu_ctrl.png

fdcbca2d23fcfcef63b83d6f5b6ab044

PNG image data, 793 x 563, 8-bit/color RGBA, non-interlaced

rh_scrpt.png

7e05fab546b2ae94772dc473972a05f7

PNG image data, 731 x 488, 8-bit/color RGBA, non-interlaced

rh_scrpt_err.png

6375eeeed145ad7248f72345483e5731

PNG image data, 803 x 478, 8-bit/color RGBA, non-interlaced

ReadMe.txt

538f09449b7ffc050fb12c809431032c

Non-ISO extended-ASCII text, with very long lines (430), with CRLF line terminators

ResourceHacker.exe

d8440bc5507c119b5a7d90f9ca0a263e

PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

sample1.bmp

33c08e769e9102bd239d4f23f9c1e7c1

PC bitmap, Windows 3.x format, 128 x 128 x 24, cbSize 49206, bits offset 54

sample1.h

9ea831b0b6f4145cd5435c0906288e84

ASCII text, with CRLF line terminators

sample1.inc

909e3d388d1ebeff5425f8f1796752d0

ASCII text, with CRLF line terminators

sample1.rc

c1f17dae01e11d6b302fcac1209662b2

HTML document, ASCII text, with CRLF line terminators

Sample2.dll

1c55bc68c0b41bd7cc58bf0d47e65d86

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/69

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

zerossl.ocsp.sectigo.com/

172.64.149.23

728 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
32de8b3b16529c7834c48d36dedd17ed
36763afece6efda9a076220e5af92ac70f0b9026
d6ace097529ec0a7ceccb8b7bacddd2b2dd06db697a71f782044dd49b8c95da6

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 08:27:11 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Wed, 08 May 2024 03:50:43 GMT
Expires: Wed, 15 May 2024 03:50:42 GMT
Etag: "36763afece6efda9a076220e5af92ac70f0b9026"
Cache-Control: max-age=414810,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88188c74df2c568b-OSL

angusj.com/resourcehacker/resource_hacker.zip

203.170.87.121

200 OK

3.4 MB

URL User Request GET HTTP/2
angusj.com/resourcehacker/resource_hacker.zip
IP
203.170.87.121:443
ASN
#38719 Dreamscape Networks Limited

Certificate
IssuerZeroSSL
Subjectangusj.com
Fingerprint03:E9:2C:AA:AB:D8:4D:D8:D2:89:A3:C9:D1:1C:35:65:A1:BC:EF:CC
ValidityWed, 13 Mar 2024 00:00:00 GMT - Tue, 11 Jun 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3360054 bytes)
Hash
b1f79f26558459d1b401ba9ece2e8d66
03aa64a9feb456c615c2507fd513e2aa1d3dd37e
f958db1d239e69051145777de9943b267a3230cc3d140599b48cf024e2c8b3a2

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/69

HTTP Headers

GET /resourcehacker/resource_hacker.zip HTTP/1.1
Host: angusj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 08:27:12 GMT
content-type: application/zip
content-length: 3360054
last-modified: Sun, 19 Nov 2023 10:21:23 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers