Report - da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910

Report Overview

Submitted URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-20 13:09:42
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
da-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-15	517 B	9.4 MB	89.41.180.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 13:09:11	medium	89.41.180.194	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
9.4 MB (9360279 bytes)
Hash
6a96aa1fc8170a86da90af9d2b90caa6
83185b4d7f85a6bf9a10472668c064be4b002ed3
a447dfa455cd796dbbb3a3d60d3120ede90adbedde2a66667985fbf4c4211abf

Archive (37)

Filename

Md5

File type

DevManagerCore.dll

b227df8720c51ee0a80cb23cccef1ec6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVAFT.cfg

835c775a6871d2a2ea6fc343b6b4c9a2

data

LVUI2.dll

e8c604c7e16ce90c0d4564ec06b118e8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

f13da78d0873b2025556d65db5e3210d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVUI64.dll

b4cd287dfaa6578ac763a3800f0c2dc8

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

LVUIRC64.dll

ccfddf84b42198b0aad27d11acfd254e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

LogiDPP.dll

b65e8e52916a527f88486875ee291aa8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LogiDPPApp.exe

24764c249f769991079f6d4b14b822af

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Repository.reg

c6ca43573c21ca6392f57f238c8391fc

Windows Registry little-endian text (Win2K or above)

WUApp32.exe

f333eaa0afd32b6adcca84e83e265fbe

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

WUApp64.exe

0ac6c6bd1967e2f11b4400bb28a8fc9e

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

lPRO564c.inf

4cd1bca84ac8616763279a4c5da42ca7

Windows setup INFormation

lPRO564s.inf

88fac57e89b6adb76f19e1bbd8b268ae

Windows setup INFormation

lPRO564v.inf

c17c7d914e26629da4b1baffea3dd34e

Windows setup INFormation

lpro564c.cat

5cbdcbd737de32a211defe508cd4b90f

DER Encoded PKCS#7 Signed Data

lpro564s.cat

572e9abdd20176434ae8499817f9d629

DER Encoded PKCS#7 Signed Data

lpro564v.cat

228c4506c639677b7aecd01e3a4abcf8

DER Encoded PKCS#7 Signed Data

lvPRO5c.inf

df4e2f657567b0624e2c5703b4c97c94

Windows setup INFormation

lvPRO5s.inf

80cd2ecb1ee571a52d3abdc1f20866eb

Windows setup INFormation

lvPRO5v.inf

3571eb8f311647416e4ea553dd57383b

Windows setup INFormation

lvWIAext.dll

287e3d3cc4c2b80679c82f795e7204e0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvbflt64.sys

81f2b52c47b8ad32cc4ff967fc8d73da

PE32+ executable (native) x86-64, for MS Windows, 7 sections

lvbusflt.sys

25839b10b27e808432aa0ee7f76f5e5f

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

lvcod64.dll

ff510cf2a7fa73192e7db06d7c311799

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

lvcodec2.dll

bdc67729d0a4940c525654ff869c5289

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoin64.dll

4d4248f6d008d86d5575ee5b154971ae

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

lvcoin64.ini

1a8ae8a66b6c289046276453768ef270

ASCII text, with CRLF line terminators

lvcoinst.dll

919d44b28debab4d793e72452b21fdda

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoinst.ini

1a8ae8a66b6c289046276453768ef270

ASCII text, with CRLF line terminators

lvpro5c.cat

259e169d083ab7db8b63420fe1f991f5

DER Encoded PKCS#7 Signed Data

lvpro5s.cat

59172040e2aa573752c7cd3c7f09c36c

DER Encoded PKCS#7 Signed Data

lvpro5v.cat

9898eef47687fb1e8c819b2ef460d3df

DER Encoded PKCS#7 Signed Data

lvrs.sys

8b878d0f1f34f0c6e1990f949f6aef64

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

lvrs64.sys

a0a527569856b9814e8920f52ebb67f5

PE32+ executable (native) x86-64, for MS Windows, 9 sections

lvuvc.sys

dbcd0704466e479ff93c7f1f51345e80

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

lvuvc64.sys

415e344294d1c0d04627b29146f68481

PE32+ executable (native) x86-64, for MS Windows, 11 sections

resolution_13_0_0.xml

6af7938dfef94eae9db2bc1b1bcdabd5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip	89.41.180.194	200 OK	9.4 MB
URL User Request GET HTTP/1.1 da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip IP 89.41.180.194:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectda-4.xyz Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02 ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 9.4 MB (9360279 bytes) Hash 6a96aa1fc8170a86da90af9d2b90caa6 83185b4d7f85a6bf9a10472668c064be4b002ed3 a447dfa455cd796dbbb3a3d60d3120ede90adbedde2a66667985fbf4c4211abf HTTP Headers GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip HTTP/1.1 Host: da-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Sat, 20 Apr 2024 13:09:11 GMT Content-Type: application/zip Content-Length: 9360279 Last-Modified: Wed, 26 Oct 2022 18:11:42 GMT Connection: keep-alive ETag: "6359785e-8ed397" Accept-Ranges: bytes`

da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip

89.41.180.194

200 OK

9.4 MB

URL User Request GET HTTP/1.1
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip
IP
89.41.180.194:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectda-4.xyz
Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02
ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
9.4 MB (9360279 bytes)
Hash
6a96aa1fc8170a86da90af9d2b90caa6
83185b4d7f85a6bf9a10472668c064be4b002ed3
a447dfa455cd796dbbb3a3d60d3120ede90adbedde2a66667985fbf4c4211abf

HTTP Headers

GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.80.853.0.zip HTTP/1.1
Host: da-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Sat, 20 Apr 2024 13:09:11 GMT
Content-Type: application/zip
Content-Length: 9360279
Last-Modified: Wed, 26 Oct 2022 18:11:42 GMT
Connection: keep-alive
ETag: "6359785e-8ed397"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (37)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers