Report - partners.myob.com/AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip

Report Overview

Submitted URL
partners.myob.com/AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip
IP
143.204.55.96
ASN
#16509 AMAZON-02
Submitted
2024-04-24 10:29:59
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
partners.myob.com	unknown	1996-08-30	2014-06-10	2024-02-27	520 B	6.6 MB	143.204.55.7
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-23	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
partners.myob.com/AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip
IP
143.204.55.7
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.6 MB (6583250 bytes)
Hash
fa4a04f5afb4b38cdfbc073be33459a1
1585f2e618c71597db8cd7810537757c1f45c6dd
687191f3dca229522e194d4144c11b4773b53dda21eefacaa8d46ca1bfa2de43

Archive (28)

Filename

Md5

File type

autorun.exe

f56f7620a14952984a6472c857b327b9

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

autorun.inf

4d3f7eed98787132fa0ca2bddaf2a746

Microsoft Windows Autorun file

data1.cab

e46bcf428dd6f76b58375b936502f481

InstallShield CAB, version 0x100600c

data1.hdr

6d41a36a0adc88e621847219ca08de43

InstallShield setup header, version 0x100600c, descriptor size 0x20b5

data2.cab

47b6d298a29d0ce782df42cb756963bf

InstallShield CAB, version 0x100600c

ikernel.ex_

93b63f516482715a784bbec3a0bf5f3a

MS Compress archive data, SZDD variant, original size: 614532 bytes

layout.bin

06396309824e2f43927e82a9aa4744ec

data

MYOB.ico

c82f8b3aae2f29d4389a53c4d0609c34

MS Windows icon resource - 9 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel

Setup.bmp

24b819972a9fae2a4604be9bfa2777d1

PC bitmap, Windows 3.x format, 503 x 303 x 32, image size 609638, resolution 2834 x 2834 px/m, cbSize 609692, bits offset 54

Setup.exe

e0927f427281ccde747e10f17df53318

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Setup.ini

c9ff3cf92e236ca3e9565a5455ef6231

Generic INItialization configuration [Languages]

setup.inx

ed9fba3f641317048afea639a7efe392

data

launchIE.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchIE.ini

2077f2d3546b1b5e259482d455cd3b29

ASCII text, with CRLF line terminators

launchadobe.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchadobe.ini

982860bea1518044671c4cbdb2066da2

ASCII text, with CRLF line terminators

launchbrowse.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchbrowse.ini

288fde6db4c16c5716ae5e73d6fbc046

ASCII text, with CRLF line terminators

launchrmsaossetup.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchrmsaossetup.ini

10aa60a85e602e1c3f4eac00887e4c90

ASCII text, with CRLF line terminators

launchrmssetup.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchrmssetup.ini

5cf55e84b58fa6f5b0881bf3e1490e1b

ASCII text, with CRLF line terminators

launchrmsug.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchrmsug.ini

9f2096f769a33c39f6601691523492b1

ASCII text, with CRLF line terminators

launchrn.exe

3cfb8e14181123481501f024b286278a

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

launchrn.ini

5c4b97e000168a01cb5a9ddcb40d1cfd

ASCII text, with CRLF line terminators

vssver.scc

90d09c6d1dbb6fa9b2ee154904ff093b

data

Audit-0 Centralised Updates.rpt

e536d4bd02251e08c2e50db48d78f2f6

Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.10, Code page: 1252, Title: Centralised Updates Report, Subject: Centralised Updates Report, Keywords: CentralisedUpdates, Revision Number: 31, Total Editing Time: 2d+08:37:25, Last Printed: Fri May 28 06:51:06 2004, Last Saved Time/Date: Wed May 24 19:44:36 2006, Create Time/Date: Wed Nov 18 00:18:55 1998, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/64

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

partners.myob.com/AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip

143.204.55.7

200 OK

6.6 MB

URL User Request GET HTTP/2
partners.myob.com/AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip
IP
143.204.55.7:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectpartners.myob.com
Fingerprint06:9C:C8:E5:70:72:B1:97:A3:A3:B8:33:B9:23:CB:B3:84:C7:A6:CC
ValidityWed, 04 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.6 MB (6583250 bytes)
Hash
fa4a04f5afb4b38cdfbc073be33459a1
1585f2e618c71597db8cd7810537757c1f45c6dd
687191f3dca229522e194d4144c11b4773b53dda21eefacaa8d46ca1bfa2de43

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/64

HTTP Headers

GET /AUS/Retail/RM%20Ent/Retail%20Ent%20Shop%20v3.zip HTTP/1.1
Host: partners.myob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 6583250
date: Wed, 24 Apr 2024 10:29:34 GMT
last-modified: Sun, 02 Feb 2014 00:14:29 GMT
etag: "fa4a04f5afb4b38cdfbc073be33459a1"
x-amz-meta-s3cmd-attrs: uid:12889/gname:s3/uname:s3migrate/gid:10001/mode:33261/mtime:1389007045/atime:1389007037/ctime:1389007045
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MayGy-KgSV5p9E9R5lRKc_3eQ-mNCO6MfNN1byN2dQduUN_LvRXZGQ==
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=ugfB_qFMWiCLe4menfy57usLjgaaGQodZ-A4HCUOFDjA2JlHwXKHW81tM1JkbUKVlakff8YGJ_QslnAm9CKwOj0GnwCmuZmklbiv7W4fj_mIzshtz6EMRz3HpTNPmmNc
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Wed, 24 Apr 2024 10:29:48 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 3
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2