Report - download.enuoyun.com/rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip

Report Overview

Submitted URL
download.enuoyun.com/rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip
IP
120.52.95.248
ASN
#133119 China Unicom IP network
Submitted
2024-03-29 14:49:15
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.enuoyun.com	unknown	2015-11-05	2022-07-17	2024-03-28	718 B	2.0 MB	218.12.76.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.enuoyun.com/rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip
IP
120.52.95.248
ASN
#133119 China Unicom IP network

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (1954054 bytes)
Hash
46f2be826a04b4803bcd0b545b3a53b1
ea98f946e1dff6ac2abb57bc1e96bcc15938944d
a53dfb3c08c1c2c5d0a62e10c3ab62a1af8ad6815f6f7074ca6da5fb5dd98fe5

Archive (38)

Filename

Md5

File type

AppUpgradeTool.ini

f758e1d552f800eaa64843baf3d82366

ASCII text, with CRLF line terminators

ICSharpCode.SharpZipLib.dll

c8164876b6f66616d68387443621510c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.DLL

b5342325cf3993565c1dbfe030e6fc43

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ProDownload.INI

3cf67f5e6d6109c3fdb48b5cbd8ea672

ASCII text, with CRLF line terminators

EnvironmentalLoad26x26.gif

ac2532aeed4e4f4fc4b8dfa2cdd8c156

GIF image data, version 89a, 30 x 30

ProgressBarLoading.gif

f4df3bbe4b53957f20af084377116771

GIF image data, version 89a, 332 x 6

bgJiaZai.png

46367e90468b2f4cdaa6a29d341ebc56

PNG image data, 354 x 84, 8-bit/color RGBA, non-interlaced

bg_B296x78.png

c07f0b312c4358bcbe1a16ea3b1ae20d

PNG image data, 296 x 78, 8-bit/color RGBA, non-interlaced

bg_B400x100.png

e5d31f1e987c9b2deb69723a93a8e0f5

PNG image data, 400 x 100, 8-bit/color RGBA, non-interlaced

btn_B62x26_down.png

56c41407454a682e1ec3e1a84b14c9df

PNG image data, 62 x 26, 8-bit/color RGBA, non-interlaced

btn_B62x26_hover.png

3b7defed84f66a67c662ef04cc2bd9f9

PNG image data, 62 x 26, 8-bit/color RGBA, non-interlaced

btn_B62x26_normal.png

debe14500560183e5c2c1365d9c36fbc

PNG image data, 62 x 26, 8-bit/color RGBA, non-interlaced

btn_HuiB100x30_down.png

6e1a05dff05db1732172183dd7f79dfd

PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced

btn_HuiB100x30_normal.png

ae69547220b66a4a1427590388dc67f2

PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced

btn_LanB100x30_down.png

80ca4aa6cc0769819340c959a8c0d85c

PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced

btn_LanB100x30_hover.png

99af40db656898f5f211c844c8dc2e15

PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced

btn_LanB100x30_normal.png

6291cf9a34167d3a4b3270eb1c2aa26c

PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced

btn_guanbi_down.png

082b1e2cd7137ae1686f4eb0787cfa51

PNG image data, 28 x 28, 8-bit/color RGB, non-interlaced

btn_guanbi_normal.png

25ab808472e024a96fcdc21644d81395

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

icon_Aisino.png

96f9bed73329c6a46e97d123121cbcdf

PNG image data, 34 x 7, 8-bit/color RGBA, non-interlaced

icon_chenggong.png

4cc78c1147fb6dae4a5111142eb2d379

PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced

icon_jingshi.png

4a213d7d71f24c4e60c8354ebbad898c

PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced

icon_shuikongpanshuiwushuzizhengshu.png

e82f39dac4dd8bb9cf2af126defa5bb4

PNG image data, 20 x 13, 8-bit/color RGBA, non-interlaced

icon_tanhao.png

6712c6627b051f45e212cf7ef1d77327

PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced

icon_yingyongzhichengpingtaikongjian.png

fd1f85c57b12c0424438d296ba958a11

PNG image data, 41 x 7, 8-bit/color RGBA, non-interlaced

icon_yunshuipiaoguanjia.png

9c85461a565e71ffef01a9f177308119

PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced

ProgressBar.gif

c2a18dc256bd483b649e6fb6068f97c5

GIF image data, version 89a, 280 x 6

bgJiaZai.png

46367e90468b2f4cdaa6a29d341ebc56

PNG image data, 354 x 84, 8-bit/color RGBA, non-interlaced

btn_JiaZaiguanbi_normal.png

a3aae4e841c2b77d1154f3f520b75769

PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced

btn_JiaZaiguanbia_down.png

be6828533c04e73bc23fec4df84b99eb

PNG image data, 14 x 14, 8-bit/color RGB, non-interlaced

UpdateService.DLL

a7b90f47b13f6e68ac7077bbf24af2ab

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Upgrade.DLL

6c0790081c873810cb6732cdd8671a40

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

YCSAppUpgradeFrm.exe

25f9cc185e5594e7e52e6d11c61a115f

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

borlndmm.dll

0cf6c24c611c58fe8b85da545dd68364

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

clientRequestInf.dll

e4e6f8c3971ad5f9a8706f6d28a1346c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

libeay32.dll

8b043541fbb07831c731566dbc1175a9

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

post.dll

b5bf709cff9544e4aa77b6699318e1c4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

ssleay32.dll

39068a91d3cfa868182ad8c4fe8ce12c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

download.enuoyun.com/

218.12.76.160

612 B

URL
download.enuoyun.com/
IP
218.12.76.160:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
HTML document, ASCII text
Size
612 B (612 bytes)
Hash
e3eb0a1df437f3f97a64aca5952c8ea0
7dd71afcfb14e105e80b0c0d7fce370a28a41f0a
38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521

HTTP Headers

GET / HTTP/1.1
Host: download.enuoyun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 14:48:51 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
Server: openresty
Last-Modified: Fri, 07 Apr 2023 02:15:46 GMT
ETag: "642f7cd2-264"
X-Frame-Options: SAMEORIGIN
X-CCDN-Expires: 604800
via: CHN-HEshijiazhuang-AREACUCC1-CACHE34[72],CHN-HEshijiazhuang-AREACUCC1-CACHE29[0,TCP_HIT,64],CHN-TJ-GLOBAL1-CACHE59[3],CHN-TJ-GLOBAL1-CACHE99[0,TCP_HIT,2]
x-hcs-proxy-type: 1
X-CCDN-CacheTTL: 604800
nginx-hit: 1
Age: 20588485
Accept-Ranges: bytes

download.enuoyun.com/rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip

120.52.95.248

200 OK

2.0 MB

URL User Request GET HTTP/1.1
download.enuoyun.com/rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip
IP
120.52.95.248:80
ASN
#133119 China Unicom IP network

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (1954054 bytes)
Hash
46f2be826a04b4803bcd0b545b3a53b1
ea98f946e1dff6ac2abb57bc1e96bcc15938944d
a53dfb3c08c1c2c5d0a62e10c3ab62a1af8ad6815f6f7074ca6da5fb5dd98fe5

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /rjxz/YINUO365/productsv3/AppUpgradeTools/UpgradeTool.zip HTTP/1.1
Host: download.enuoyun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 14:48:52 GMT
Content-Type: application/zip
Content-Length: 1954054
Connection: keep-alive
Server: openresty
ETag: "628dd960-1dd106"
Last-Modified: Wed, 25 May 2022 07:23:12 GMT
X-Frame-Options: SAMEORIGIN
X-CCDN-Expires: 596117
via: CHN-HElangfang-AREACUCC1-CACHE43[63],CHN-HElangfang-AREACUCC1-CACHE26[0,TCP_HIT,60],CHN-TJ-GLOBAL1-CACHE65[6],CHN-TJ-GLOBAL1-CACHE37[0,TCP_HIT,3]
x-hcs-proxy-type: 1
X-CCDN-CacheTTL: 2592000
nginx-hit: 1
Age: 58258231
Accept-Ranges: bytes