Report - cdn.discordapp.com/attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 14:51:09
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-03	632 B	3.9 MB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.9 MB (3942564 bytes)
Hash
9e831ad9cdc3da903242f10749212f2e
c8cfe902b8e109814a2cba87e3e97d0e4028faaa
3cfb7db6f7e834b074311938c063982d7228576e6a563d220fb4e3938ab1ac93

Archive (25)

Filename

Md5

File type

api-ms-win-crt-convert-l1-1-0.dll

0485c463cd8d2ae1cbd42df6f0591246

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-filesystem-l1-1-0.dll

1193f810519fbc07beb3ffbad3247fc4

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-heap-l1-1-0.dll

a22f9a4cbd701209842b204895fedf37

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-locale-l1-1-0.dll

ba17b278fff2c18e34e47562ddde8166

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-math-l1-1-0.dll

c4cac2d609bb5e0da9017ebb535634ce

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-runtime-l1-1-0.dll

894e538fbd29d9af2dac82abbb798aa8

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-stdio-l1-1-0.dll

5df2410c0afd30c9a11de50de4798089

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

api-ms-win-crt-string-l1-1-0.dll

aacade02d7aaf6b5eff26a0e3a11c42d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

libcurl.dll

e31f5136d91bad0fcbce053aac798a30

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Microsoft.Web.WebView2.Core.dll

851fee9a41856b588847cf8272645f58

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.WinForms.dll

4cf94ffa50fd9bdc0bb93cceaede0629

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll

34ec990ed346ec6a4f14841b12280c20

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

msvcp140.dll

7b92a6cb5d2cad407c457ab12d2b211d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

Newtonsoft.Json.dll

195ffb7167db3219b217c4fd439eedd6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Solara.dll

901c7a2b9a298ca8e012077b3863845b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

vcruntime140.dll

7a2b8cfcd543f6e4ebca43162b67d610

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

WebView2Loader.dll

7bf24896b80f336c1d16b488f89fef34

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Wpf.Ui.dll

aead90ab96e2853f59be27c4ec1e4853

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ws2_32.dll

f1fafc04216614ec5c7b8c6a82394dfd

PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

Zenix.deps.json

70370975776b82a44c01722e475c6d14

JSON text data

Zenix.dll

8b69167cb9fd6c7493b8f96dd7a513f8

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Zenix.exe

09e3ea010f34de3fd0b45a2c4978f5e1

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

Zenix.pdb

2623ba553c319bf0c1ba5541c964fab4

Microsoft Roslyn C# debugging symbols version 1.0

Zenix.runtimeconfig.json

186a65581e2f29258f54d396660409fa

JSON text data

zlib1.dll

75365924730b0b2c1a6ee9028ef07685

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40&

162.159.130.233

200 OK

3.9 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.9 MB (3942564 bytes)
Hash
9e831ad9cdc3da903242f10749212f2e
c8cfe902b8e109814a2cba87e3e97d0e4028faaa
3cfb7db6f7e834b074311938c063982d7228576e6a563d220fb4e3938ab1ac93

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

HTTP Headers

GET /attachments/1236287126266708041/1236312439830614077/Zenix_Beta.zip?ex=66378d2f&is=66363baf&hm=d2b0d18703bd8b4888858a4f1c228689b62786d86f966bac41a23ec1cc014b40& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 14:50:41 GMT
content-type: application/zip
content-length: 3942564
cf-ray: 87e94df9c9ebb524-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Zenix_Beta.zip"
etag: "9e831ad9cdc3da903242f10749212f2e"
expires: Sun, 04 May 2025 14:50:41 GMT
last-modified: Sat, 04 May 2024 13:44:15 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714830255290366
x-goog-hash: crc32c=iys/PQ==, md5=noMa2c3D2pAyQvEHSSEvLg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3942564
x-guploader-uploadid: ABPtcPr_8vHyt8lZc75wgyqt_k5MzfFF7Pr7IEKv4pqN3or2f5f6PC5m-D6X1XGpfiHO3IevRLqH3EJk9w
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIj6KMfu7Oqa6kU70NmE9%2FoN78J%2FMx3L%2Bms0%2BZiZloZDcJOIfpPhf%2BoVwDib%2FGr%2F88lMi5RkLSvcmYrJMJOjqcVneFIQVR2KaYD3cYtH09TAYJhhTAG62BGNx2Y749h%2B0TgiQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=CSWqu2fhhCTjcNNEsHaKgNOyfw.aM0KfwG4zXauHquo-1714834241-1.0.1.1-j7wpQTEyUW.os_VmR.JvhHi4kBVecfyUlWeAB.kOFV7gZprr2c6Fvo6gGEO2MVJ0Ep11tXnR8MYgzm2bITSzmg; path=/; expires=Sat, 04-May-24 15:20:41 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=4yQUVUmW..k68vCf88QNPNaK8B2lnkinQ33GNtom2rI-1714834241612-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2