| info.boomcollaboration.com/hubfs/Product%20Software/Software%20upgrade%20tool/PC%20USBUpdateTool.exe?hsLang=en | 199.60.103.226 | 200 OK | 3.4 MB |
URL: info.boomcollaboration.com/hubfs/Product%20Software/Software%20upgrade%20tool/PC%20USBUpdateTool.exe?hsLang=en
User Request: GET HTTP/2
IP: 199.60.103.226:443
ASN: #209242 Cloudflare London, LLC

Certificate
Issuer: Google Trust Services LLC
Subject: info.boomcollaboration.com
Fingerprint: 93:C3:7C:30:D9:BE:A8:E9:F3:26:E2:BC:12:C0:01:39:13:D9:44:50
Validity: Tue, 12 Mar 2024 12:48:45 GMT - Mon, 10 Jun 2024 12:48:44 GMT

File type: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size: 3.4 MB (3369472 bytes)
Hash: 4048de94460b0cc06be3ee6b2da2de3c 95cbb2e8e4aceeb62c9f22582d0d69a40b71eec7 f8a6bbc6608767de8348d11fb00a98d248d04df9fe091a9003be77ff1a632219

| Analyzer | Verdict | Alert |
| YARAhub by abuse.ch | malware | meth_get_eip |
| VirusTotal | suspicious | |

GET /hubfs/Product%20Software/Software%20upgrade%20tool/PC%20USBUpdateTool.exe?hsLang=en HTTP/1.1
Host: info.boomcollaboration.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:41:21 GMT
content-type: application/x-dosexec
content-length: 3369472
cf-ray: 8769e0dfbc33b4f1-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
etag: "4048de94460b0cc06be3ee6b2da2de3c"
last-modified: Wed, 15 Nov 2023 19:27:00 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
access-control-allow-methods: GET
cache-tag: F-145662246564,FD-55739012239,P-8299957,FLS-ALL
content-security-policy: upgrade-insecure-requests
edge-cache-tag: F-145662246564,FD-55739012239,P-8299957,FLS-ALL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: H1d-HEMEbZcmLf6Lvb1QYMJj7rq5yrmh3cwZcMRGKyokVI75B7bl5Q==
x-amz-cf-pop: ARN1-C1
x-amz-id-2: ccrQF6lk9Opnt0bpZqDoAtls+UBw/d0lvJ4sLXpx3Henhn9LrMWltvT6cb/v18UfJjG9b4fD/fM=
x-amz-meta-cache-tag: F-145662246564,FD-55739012239,P-8299957,FLS-ALL
x-amz-meta-created-unix-time-millis: 1700076383826
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
x-amz-request-id: GH96VSS67TAHXSR5
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-version-id: QvaT0s_CY2n0Q_4tkQePf8Kp6KPJIppd
x-cache: Miss from cloudfront
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-robots-tag: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SsJ5zY5WwUdfdM02JSeH0J5yWK3a8XFORM%2FpGXR9%2Bp3KZeWZN94sGtzU%2FHEMO73uifH8flqjdBy9TjKVSgVJdzO79F6zfPKexrVycTMIFggcNYtRakW6addSRyZsRNu%2FSPsPS6wI9%2FtWByCO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=NjQEhjIHw.Tsx_Kan8KdRWrYMuO9XpitGvyuGyJn330-1713498081-1.0.1.1-KmEkXfAu8utq1VBZg5dFhcoQ3SxH0d_1WMwKFPCAidHgrp4IC8hafMGOdfqJUuqYMpMHgpjeQAQAIdpu.IN..A; path=/; expires=Fri, 19-Apr-24 04:11:21 GMT; domain=.info.boomcollaboration.com; HttpOnly; Secure; SameSite=None
__cfruid=e7a214a726a2f048dd6341dfa2822050cf3d4720-1713498081; path=/; domain=.info.boomcollaboration.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2