Report - extreme.pcgameshardware.de/attachments/566711d1343592626-mit-ati-und-nvidia-zusammen-physx-nutzen-anleitung-neu-all-one-driver-amd-nv-incl-physx-mod-1.04ff.zip

Report Overview

Submitted URL
extreme.pcgameshardware.de/attachments/566711d1343592626-mit-ati-und-nvidia-zusammen-physx-nutzen-anleitung-neu-all-one-driver-amd-nv-incl-physx-mod-1.04ff.zip
IP
104.22.10.111
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 11:52:23
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
extreme.pcgameshardware.de	532608	unknown	2014-07-18	2023-11-29	1.1 kB	45 kB	104.22.11.111

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
extreme.pcgameshardware.de/attachments/physx-mod-1-04ff-zip.566711/
IP
104.22.11.111
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
44 kB (44122 bytes)
Hash
170d6803f868a3393594ba70b11f1140
3dd59f2e770d8f519b02506adc1b6f2d4a5f9a6a
114f232a915e68e45c9fee379687b2f1cc52c6e75c09cdd6710332d8bda8a61c

Archive (6)

Filename

Md5

File type

nvsvc-set-Automatic.cmd

008229ea22eeaf0599dba53b9dd76828

ASCII text, with CRLF line terminators

nvsvc-set-Manual.cmd

cbaa4d0ed36649b52ef3ab00f4e033d8

ASCII text, with CRLF line terminators

PhysX-HwSelection-set-CPU.cmd

600e8c81056401d594589a6ff7bbe024

ASCII text, with CRLF line terminators

PhysX-HwSelection-set-GPU.cmd

c4d196ebb067561a0d10f927d57ba3c0

ASCII text, with CRLF line terminators

Hybrid-PhysX-mod-1.04ff.exe

1a308164dfe86262f2aa371280158aa5

PE32 executable (GUI) Intel 80386, for MS Windows

Readme.txt

a8281bf43756923d43c2f40bfe1c4791

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 39/66

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

extreme.pcgameshardware.de/attachments/566711d1343592626-mit-ati-und-nvidia-zusammen-physx-nutzen-anleitung-neu-all-one-driver-amd-nv-incl-physx-mod-1.04ff.zip

104.22.11.111

302 Found

0 B

URL User Request GET HTTP/2
extreme.pcgameshardware.de/attachments/566711d1343592626-mit-ati-und-nvidia-zusammen-physx-nutzen-anleitung-neu-all-one-driver-amd-nv-incl-physx-mod-1.04ff.zip
IP
104.22.11.111:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectpcgameshardware.de
FingerprintBD:48:DF:E8:C7:02:63:EF:8A:7B:A9:50:7B:6E:AA:CF:8F:46:35:64
ValidityWed, 03 Apr 2024 01:49:32 GMT - Tue, 02 Jul 2024 01:49:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /attachments/566711d1343592626-mit-ati-und-nvidia-zusammen-physx-nutzen-anleitung-neu-all-one-driver-amd-nv-incl-physx-mod-1.04ff.zip HTTP/1.1
Host: extreme.pcgameshardware.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 11:51:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://extreme.pcgameshardware.de/attachments/physx-mod-1-04ff-zip.566711/
cache-control: max-age=14400
expires: Fri, 26 Apr 2024 11:51:58 GMT
x-clacks-overhead: GNU Terry Pratchett
cf-cache-status: MISS
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 87a65d2d2b6656ba-OSL
X-Firefox-Spdy: h2

extreme.pcgameshardware.de/attachments/physx-mod-1-04ff-zip.566711/

104.22.11.111

200 OK

44 kB

URL User Request GET HTTP/2
extreme.pcgameshardware.de/attachments/physx-mod-1-04ff-zip.566711/
IP
104.22.11.111:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectpcgameshardware.de
FingerprintBD:48:DF:E8:C7:02:63:EF:8A:7B:A9:50:7B:6E:AA:CF:8F:46:35:64
ValidityWed, 03 Apr 2024 01:49:32 GMT - Tue, 02 Jul 2024 01:49:31 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
44 kB (44122 bytes)
Hash
170d6803f868a3393594ba70b11f1140
3dd59f2e770d8f519b02506adc1b6f2d4a5f9a6a
114f232a915e68e45c9fee379687b2f1cc52c6e75c09cdd6710332d8bda8a61c

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 39/66

HTTP Headers

GET /attachments/physx-mod-1-04ff-zip.566711/ HTTP/1.1
Host: extreme.pcgameshardware.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 11:51:58 GMT
content-type: application/octet-stream
content-length: 44122
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-disposition: attachment; filename="PhysX-mod-1.04ff.zip"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
last-modified: Fri, 26 Apr 2024 11:51:58 GMT
x-clacks-overhead: GNU Terry Pratchett
cf-cache-status: BYPASS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 87a65d2e8d2a56ba-OSL
X-Firefox-Spdy: h2