Report - xero1.ucoz.com/VBA-M.app.zip

Report Overview

Submitted URL
xero1.ucoz.com/VBA-M.app.zip
IP
213.174.157.140
ASN
#39572 DataWeb Global Group B.V.
Submitted
2024-05-04 17:26:22
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xero1.ucoz.com	unknown	unknown	No data	No data	482 B	2.0 MB	213.174.157.140

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
xero1.ucoz.com/VBA-M.app.zip
IP
213.174.157.140
ASN
#39572 DataWeb Global Group B.V.

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.0 MB (1988281 bytes)
Hash
a2a9d1ddf4c366567cdcff128d7bf050
d733e11cf719ed455d812210293fb32ddc3bfb56
d6de8ee12950ae595ed66df48997de44e432bfc64e74a80b69b9f0a8f6cfadbb

Archive (66)

Filename

Md5

File type

Headers

86c63de7bd8775780ac77380b5c049c4

ASCII text, with no line terminators

libpng

9db3c0c2fa9244b6f2f5e9e2ff2149d2

ASCII text, with no line terminators

Resources

e58c4cf10cc7c8ef7d7167ccb641aeb4

ASCII text, with no line terminators

png.h

39b35c9e79be217a660d2b81853c719f

ASCII text

pngconf.h

f32df73bdf960cb2fb9ec68eafe21437

C source, ASCII text

libpng

ce0bcb6f90e563e838be02b8b88ed7d5

InfoPlist.strings

7d0c1a957d1ef34b7dedeabab9ead5bd

Unicode text, UTF-16, big-endian text

Info.plist

3193695c6fde5acd676a25f6594e4eac

XML 1.0 document, ASCII text

Current

d0638b94054c44b2ca8199723136b528

ASCII text, with no line terminators

Headers

86c63de7bd8775780ac77380b5c049c4

ASCII text, with no line terminators

Resources

e58c4cf10cc7c8ef7d7167ccb641aeb4

ASCII text, with no line terminators

SDL

19cb956db0b4f4f53c2c0700007e6b69

ASCII text, with no line terminators

begin_code.h

d84f779eb86f87f1be2d6ed9477b209c

C source, ASCII text

close_code.h

ba0ae2ef243d053c20d3d81f261610a4

C source, ASCII text

SDL.h

fbdcf67587a4ec39c4c97eb156107119

C source, ASCII text

SDL_active.h

f4eee2eb92cf7c2b8a38023a57b67482

C source, ASCII text

SDL_audio.h

a52f71de86a3cc31a17c70aa729d8ed4

C source, ASCII text

SDL_byteorder.h

08177fdd5fb5b51efc2ce7b22e9e6ea0

C source, ASCII text

SDL_cdrom.h

f1656681e9f24a939666b6af15bf4151

C source, ASCII text

SDL_config.h

a8d6c9e43b8c9c9d39f2f080d5547f25

C source, ASCII text

SDL_config_dreamcast.h

666b0b8adaabb6b81fb9340c1953989a

C source, ASCII text

SDL_config_macos.h

3058443f16d77964157f15de48f05bf2

C source, ASCII text

SDL_config_macosx.h

2c9ebfdad1b95ed716e6440b53b04b86

C source, ASCII text

SDL_config_os2.h

9066f4cb6313bbbf90986ece079c96b2

C source, ASCII text

SDL_config_win32.h

18f34348d1a2e7bfb252a9a22badc905

C source, ASCII text

SDL_copying.h

d60fc164984abd8aba9aea3bb08391b3

ASCII text

SDL_cpuinfo.h

2cea8ec0a7278fa34a0c8baadf89d45c

C source, ASCII text

SDL_endian.h

11cd9b0bd7710a02df805174d3a852e4

C source, ASCII text

SDL_error.h

5fb3271472ef250fae59ae26284cbe1b

C source, ASCII text

SDL_events.h

7920b92adf094e7e6ad1ea1a45345112

C source, ASCII text

SDL_getenv.h

72d7e927397c7be73144e840657f1dfd

C source, ASCII text

SDL_joystick.h

d3767c4c82853bba6911aeceda748ab4

C source, ASCII text

SDL_keyboard.h

93cd0fdcc785ee41ea2238cfa0fc0e19

C source, ASCII text

SDL_keysym.h

202b3164e8c4d9e6e630c756a4e5c267

C source, ASCII text

SDL_loadso.h

309c13fe741cb6809ad9d461c7d4f078

C source, ASCII text

SDL_main.h

561c05ab16012d3a24de7a93c23bd856

C source, ASCII text

SDL_mouse.h

277adbd6e5a4fb5b1fa4fbd86980ad9d

C source, ASCII text

SDL_mutex.h

baacfba3f27f1d5e69f5bee0be0ec109

C source, ASCII text

SDL_name.h

bf4e5f8b4e5bdab7119db8b5b0e7e6da

C source, ASCII text

SDL_opengl.h

5fbb38356d8fb5431c9c52afa402b114

C source, ASCII text

SDL_platform.h

dbbd3e343c0a36b6db3bfd0141790cc1

C source, ASCII text

SDL_quit.h

c028400f2d8591931dcc8d77c6e99398

C source, ASCII text

SDL_rwops.h

4717901ca6ba876f905b7492930b6e84

C source, ASCII text

SDL_stdinc.h

8309a0f0e778da53ec7e28120f169975

C source, ASCII text

SDL_syswm.h

054f06a4909ab46703cac7fe152cd6d4

C source, ASCII text

SDL_thread.h

607c30e86334cc02d0f77727ab941ed7

C source, ASCII text

SDL_timer.h

8f16dc5d11365ecadda1637e0c69375f

C source, ASCII text

SDL_types.h

72d7e927397c7be73144e840657f1dfd

C source, ASCII text

SDL_version.h

a09972de0c288f55e31db27435c9d601

C source, ASCII text

SDL_video.h

bb65e44f481921603d362cc3f0d02f61

C source, ASCII text

Info.plist

0888173d76961f68f51fd99d67d3782f

XML 1.0 document, ASCII text

classes.nib

932739068c55c675c770a069f4e1092d

ASCII text

info.nib

a55f7edc4388f105fac671704fe9b462

XML 1.0 document, ASCII text

objects.nib

e67dca3646354f66774a2e5f50bcb01d

NeXT/Apple typedstream data, big endian, version 4, system 1000

SDL

cb7b985a88d4f41216e06eb4609f257c

Mach-O universal binary with 2 architectures: [i386: - Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|SUBSECTIONS_VIA_SYMBOLS>] [ - ppc: - Mach-O ppc dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>]

Current

7fc56270e7a70fa81a5935b72eacbe29

very short file (no magic)

Info.plist

07259836a0d804bb8c32c82f02f9be1c

XML 1.0 document, ASCII text

VBA-M

e5cc58a9610cc69bd76d83f0c7557968

PkgInfo

23b7d7d024abb0f558420e098800bf27

ASCII text, with no line terminators

cart.icns

9b0630e7e3ef10e0678939fae49667d8

Mac OS X icon, 43520 bytes, "it32" type

InfoPlist.strings

b88069010de3f1173d68231830e056dc

Unicode text, UTF-16, big-endian text

designable.nib

1fb1dee26668076f5bab57411ecdced5

XML 1.0 document, ASCII text

keyedobjects.nib

e79299084f2d2f40b9c58abb33919bd0

Apple binary property list

savestate.icns

1cded01d1146a03d174136d54a478ee6

Mac OS X icon, 41161 bytes, "ics#" type

system.icns

3e96b25e30bd6a840f94d3d54bb80511

Mac OS X icon, 246721 bytes, "ics#" type

._VBA-M.app

70744e0173a6244a5fd0f9908d3a8d69

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	xero1.ucoz.com/VBA-M.app.zip	213.174.157.140	200 OK	2.0 MB
URL User Request GET HTTP/1.1 xero1.ucoz.com/VBA-M.app.zip IP 213.174.157.140:443 ASN #39572 DataWeb Global Group B.V. Certificate IssuerGoGetSSL Subject.ucoz.com Fingerprint45:F8:17:D4:21:32:FF:60:88:04:61:92:24:CF:49:48:62:F5:25:ED ValidityTue, 04 Jul 2023 00:00:00 GMT - Sat, 03 Aug 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 2.0 MB (1988281 bytes) Hash a2a9d1ddf4c366567cdcff128d7bf050 d733e11cf719ed455d812210293fb32ddc3bfb56 d6de8ee12950ae595ed66df48997de44e432bfc64e74a80b69b9f0a8f6cfadbb HTTP Headers `GET /VBA-M.app.zip HTTP/1.1 Host: xero1.ucoz.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Sat, 04 May 2024 17:25:56 GMT Content-Type: application/zip Content-Length: 1988281 Last-Modified: Tue, 11 Nov 2008 01:15:13 GMT Connection: keep-alive Keep-Alive: timeout=15 ETag: "4918dca1-1e56b9" Expires: Fri, 24 May 2024 17:25:56 GMT Cache-Control: max-age=1728000 X-Frame-Options: SAMEORIGIN Accept-Ranges: bytes`

xero1.ucoz.com/VBA-M.app.zip

213.174.157.140

200 OK

2.0 MB

URL User Request GET HTTP/1.1
xero1.ucoz.com/VBA-M.app.zip
IP
213.174.157.140:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerGoGetSSL
Subject*.ucoz.com
Fingerprint45:F8:17:D4:21:32:FF:60:88:04:61:92:24:CF:49:48:62:F5:25:ED
ValidityTue, 04 Jul 2023 00:00:00 GMT - Sat, 03 Aug 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.0 MB (1988281 bytes)
Hash
a2a9d1ddf4c366567cdcff128d7bf050
d733e11cf719ed455d812210293fb32ddc3bfb56
d6de8ee12950ae595ed66df48997de44e432bfc64e74a80b69b9f0a8f6cfadbb

HTTP Headers

GET /VBA-M.app.zip HTTP/1.1
Host: xero1.ucoz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 17:25:56 GMT
Content-Type: application/zip
Content-Length: 1988281
Last-Modified: Tue, 11 Nov 2008 01:15:13 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4918dca1-1e56b9"
Expires: Fri, 24 May 2024 17:25:56 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (66)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers