Report - da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910

Report Overview

Submitted URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-20 13:09:47
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
da-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-18	517 B	7.3 MB	89.41.180.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 13:09:18	medium	89.41.180.194	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.3 MB (7290375 bytes)
Hash
3a82e03dd4901d925cf8862c0159e485
5a358b755779b1f0d2ec5ff47e8f07df7f3140bd
ce77de779e59c2c1cf7d54e3873bd3cb89c35c14a8e1a15f4317fb90d8c4aad5

Archive (24)

Filename

Md5

File type

DevManagerCore.dll

da2e38cf8ff24983115f3adf4ffd166b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVAFT.cfg

835c775a6871d2a2ea6fc343b6b4c9a2

data

LVUI2.dll

ba3658cec8f480bc0f73586bd1fa733f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

e00c75cd57c2d4d2c577cef6518c78b2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVUI64.dll

3e990ba3fe6324795d162cc9b70edde1

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

LVUIRC64.dll

c2bdaba279274bddcfcd1ee5b444e0a5

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

LogiDPP.dll

7dd35a545c6dd6521e7840fd2eaf9662

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LogiDPPApp.exe

482dee3a48422a1d545a0907ec32cdf1

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Repository.reg

d61937b3b6f0eb457f1c052ce49962ab

Windows Registry little-endian text (Win2K or above)

WUApp64.exe

a199688c963ac56f88c57ef763bf93af

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

lPRO564c.cat

b4530c87d30dbc41ca8cef3940232c37

DER Encoded PKCS#7 Signed Data

lPRO564s.cat

c62db6d0a6b66e97ec55689a5f0c72dd

DER Encoded PKCS#7 Signed Data

lPRO564v.cat

446e296ff80f8837090f43bd427b8a68

DER Encoded PKCS#7 Signed Data

lpro564c.inf

52ff4c9d4960e5cf61acc6c06517d7a8

Windows setup INFormation

lpro564s.inf

2a174b7137de8bcb3250090fa997bbfe

Windows setup INFormation

lpro564v.inf

71b165ed5d051f53562b589f4d00ab69

Windows setup INFormation

lvbflt64.sys

0c5b0df7ef9f719ebae9f8fe70e083a9

PE32+ executable (native) x86-64, for MS Windows, 6 sections

lvcod64.dll

afa895e3c42500fe3ec5f76c828f90a5

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

lvcodec2.dll

b8213f40ce0e635c9ff9910bd75ad026

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoin64.dll

62641b50b9d2fde44e583afa8380e02a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

lvcoin64.ini

bcd7159b6f32f03f394dfbc9f925398f

ASCII text, with CRLF line terminators

lvrs64.sys

a401cff74982d8df851f20307c806073

PE32+ executable (native) x86-64, for MS Windows, 9 sections

lvuvc64.sys

13384cb5f5813e65f31078d6abfaaf38

PE32+ executable (native) x86-64, for MS Windows, 11 sections

resolution_13_0_0.xml

6af7938dfef94eae9db2bc1b1bcdabd5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip	89.41.180.194	200 OK	7.3 MB
URL User Request GET HTTP/1.1 da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip IP 89.41.180.194:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectda-4.xyz Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02 ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 7.3 MB (7290375 bytes) Hash 3a82e03dd4901d925cf8862c0159e485 5a358b755779b1f0d2ec5ff47e8f07df7f3140bd ce77de779e59c2c1cf7d54e3873bd3cb89c35c14a8e1a15f4317fb90d8c4aad5 HTTP Headers GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip HTTP/1.1 Host: da-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Sat, 20 Apr 2024 13:09:18 GMT Content-Type: application/zip Content-Length: 7290375 Last-Modified: Wed, 26 Oct 2022 18:11:56 GMT Connection: keep-alive ETag: "6359786c-6f3e07" Accept-Ranges: bytes`

da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip

89.41.180.194

200 OK

7.3 MB

URL User Request GET HTTP/1.1
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip
IP
89.41.180.194:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectda-4.xyz
Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02
ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.3 MB (7290375 bytes)
Hash
3a82e03dd4901d925cf8862c0159e485
5a358b755779b1f0d2ec5ff47e8f07df7f3140bd
ce77de779e59c2c1cf7d54e3873bd3cb89c35c14a8e1a15f4317fb90d8c4aad5

HTTP Headers

GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.51.823.0.zip HTTP/1.1
Host: da-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Sat, 20 Apr 2024 13:09:18 GMT
Content-Type: application/zip
Content-Length: 7290375
Last-Modified: Wed, 26 Oct 2022 18:11:56 GMT
Connection: keep-alive
ETag: "6359786c-6f3e07"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers