Report - da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910

Report Overview

Submitted URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl
Submitted
2024-04-20 13:10:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
da-4.xyz	unknown	2023-06-04	2023-06-04	2024-04-18	517 B	8.1 MB	89.41.180.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 13:10:03	medium	89.41.180.194	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip
IP
89.41.180.194
ASN
#25198 Interkvm Host Srl

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.1 MB (8124587 bytes)
Hash
a7a4e58faaabd4abcbe4289dee3b3d56
8a764ef37a1523e1cff42b433c64f7a968993b75
6eed24a777bca2c9be228e0fc941196ade1d363d135ed67865df918768fbfff4

Archive (26)

Filename

Md5

File type

DevManagerCore.dll

34e0b690eeee5241036cb869d073958b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVAFT.cfg

835c775a6871d2a2ea6fc343b6b4c9a2

data

LVUI2.dll

baea03bc8d6752b1568573a6c8b125a6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LVUI2RC.dll

a6c6583ebb4fda658e204b3edb04f79a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LVUI64.dll

5670f34d72070f4416e855dd41cdba3b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

LVUIRC64.dll

a8ccb46f10668f772901de8d31837b96

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

LogiDPP.dll

38d0e324831bf91128e614268034f659

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

LogiDPPApp.exe

799a360bf1900ace8e903d0609eae99e

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Repository.reg

e19be28990f4e6d2f63774c0eca66583

Windows Registry little-endian text (Win2K or above)

Resolution.xml

2cadc36d6bad6a405e78430166d57a84

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

WUApp64.exe

43b50431c699b9e43e302684dc78517b

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

lPRO564c.inf

e845a96aa0d0cc348ed4bbb08e9870c8

Windows setup INFormation

lPRO564s.inf

2ab245e07fa7234b23c8ed3e30a627ef

Windows setup INFormation

lPRO564v.inf

266a918140e1b503467c290ba7ce220c

Windows setup INFormation

lpro564c.cat

d7aec90c8e60f669ecfbd9f2de268876

DER Encoded PKCS#7 Signed Data

lpro564s.cat

971ce2f34d3fe168200dd664320d7095

DER Encoded PKCS#7 Signed Data

lpro564v.cat

64f1813aa342f85b41e507d2340d10ed

DER Encoded PKCS#7 Signed Data

lvbflt64.sys

2eaba681a28e8669c439f93eb2910b0a

PE32+ executable (native) x86-64, for MS Windows, 6 sections

lvcod64.dll

e82507c4ccfe6143c1a98ff717b658b2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

lvcodec2.dll

4522295564a69018c6e69b1d005ada5d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lvcoin64.dll

44502d4de76d559ab721255a4ad97a3e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

lvcoin64.ini

85ab59411ce928b9e08fad937c165e22

ASCII text, with CRLF line terminators

lvpopf64.sys

c586cc39820b6e7fe3657fed8329d300

PE32+ executable (native) x86-64, for MS Windows, 9 sections

lvrs64.sys

224ab3850f573a419f921c41a15d7f5b

PE32+ executable (native) x86-64, for MS Windows, 9 sections

lvsels64.sys

ec9c95d256fc08eb4b998a3b201b5432

PE32+ executable (native) x86-64, for MS Windows, 8 sections

lvuvc64.sys

bfba84b8a9c233ae42b11cf7bdfc6c01

PE32+ executable (native) x86-64, for MS Windows, 11 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip	89.41.180.194	200 OK	8.1 MB
URL User Request GET HTTP/1.1 da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip IP 89.41.180.194:443 ASN #25198 Interkvm Host Srl Certificate IssuerLet's Encrypt Subjectda-4.xyz Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02 ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 8.1 MB (8124587 bytes) Hash a7a4e58faaabd4abcbe4289dee3b3d56 8a764ef37a1523e1cff42b433c64f7a968993b75 6eed24a777bca2c9be228e0fc941196ade1d363d135ed67865df918768fbfff4 HTTP Headers GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip HTTP/1.1 Host: da-4.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx-n.wtf/1.25.2 Date: Sat, 20 Apr 2024 13:10:03 GMT Content-Type: application/zip Content-Length: 8124587 Last-Modified: Wed, 26 Oct 2022 18:46:10 GMT Connection: keep-alive ETag: "63598072-7bf8ab" Accept-Ranges: bytes`

da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip

89.41.180.194

200 OK

8.1 MB

URL User Request GET HTTP/1.1
da-4.xyz/drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip
IP
89.41.180.194:443
ASN
#25198 Interkvm Host Srl

Certificate
IssuerLet's Encrypt
Subjectda-4.xyz
Fingerprint91:57:E2:93:DE:BB:C6:22:C5:82:A0:FC:3A:D6:83:C9:1E:2A:DA:02
ValidityMon, 12 Feb 2024 17:40:23 GMT - Sun, 12 May 2024 17:40:22 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.1 MB (8124587 bytes)
Hash
a7a4e58faaabd4abcbe4289dee3b3d56
8a764ef37a1523e1cff42b433c64f7a968993b75
6eed24a777bca2c9be228e0fc941196ade1d363d135ed67865df918768fbfff4

HTTP Headers

GET /drv/common/Logitech_HD_Pro_Webcam_C910_13.1.1021.0.zip HTTP/1.1
Host: da-4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx-n.wtf/1.25.2
Date: Sat, 20 Apr 2024 13:10:03 GMT
Content-Type: application/zip
Content-Length: 8124587
Last-Modified: Wed, 26 Oct 2022 18:46:10 GMT
Connection: keep-alive
ETag: "63598072-7bf8ab"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (26)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers