Report Overview
Submitted URL
sk-data.special-k.info/redist/WinRing0_32.7z
IP
104.18.42.227
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 17:46:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
sk-data.special-k.info | unknown | 2020-07-28 | 2020-08-04 | 2024-04-17 | 498 B | 34 kB | 104.18.42.227 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
Files detected
URL
sk-data.special-k.info/redist/WinRing0_32.7z
IP
104.18.42.227
ASN
#13335 CLOUDFLARENET
File type
7-zip archive data, version 0.4
Size
33 kB (33430 bytes)
Hash
f7d441d534b37441b08bdd1a6c4642b5
94921471ec82ad1222a2524030b8f6c00b8844ee
Archive (4)
Filename | Md5 | File type |
---|---|---|
WinRing0.dll | ee9de580406199f0f6789e90c68e2fc5 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections |
WinRing0.sys | 845af1ba23c8d5e64def61bcc441604c | PE32 executable (native) Intel 80386, for MS Windows, 6 sections |
WinRing0x64.dll | 168625537e17442935de4ab929f4e7e3 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections |
WinRing0x64.sys | 0c0195c48b6b8582fa6f6373032118da | PE32+ executable (native) x86-64, for MS Windows, 6 sections |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys |
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity |
Public Nextron YARA rules | malware | Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys |
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity |
VirusTotal | suspicious |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
sk-data.special-k.info/redist/WinRing0_32.7z | 104.18.42.227 | 200 OK | 33 kB |
Detections
HTTP Headers