Report - github.com/zealot-rvn/z-enemy/releases/download/kawpow262/z-enemy-2.6.2-win-cuda9.1.zip

Report Overview

Submitted URL
github.com/zealot-rvn/z-enemy/releases/download/kawpow262/z-enemy-2.6.2-win-cuda9.1.zip
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-03-28 15:21:01
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	541 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-03-28	1.0 kB	19 MB	185.199.111.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/261728188/baa1a380-9837-11ea-8e22-be3f942fd59b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T152030Z&X-Amz-Expires=300&X-Amz-Signature=f06625be293c65c6ee1ccfeb1882bff903da2131914132a5aebdd5f8734c42fa&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=261728188&response-content-disposition=attachment%3B%20filename%3Dz-enemy-2.6.2-win-cuda9.1.zip&response-content-type=application%2Foctet-stream
IP
185.199.111.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
19 MB (19193821 bytes)
Hash
ba17610af3cfbc449568660bfce71c6c
6eb001d8b4d1b12af87046cface9d4775207616a
fb8fa6d03a819efec9c0e038c08f3eaceac025fdd21e00c996b65e75f69a5585

Archive (19)

Filename

Md5

File type

RVN(kawpow)-bsod.pw.cmd

7351fe1d68b462fd6a95b3e440f60b4c

DOS batch file, ASCII text, with CRLF line terminators

RVN(kawpow)-minermore.com(EU).cmd

7577b929112822472c435051da19a9c3

DOS batch file, ASCII text, with CRLF line terminators

RVN(kawpow)-ravenminer.cmd

4a4838dcf31f1a703ef7f6cc6ecf822a

DOS batch file, ASCII text, with CRLF line terminators

RVN(kawpow)-woolypooly.com.cmd

548b3eff4499a304bb3a90ebeb515e5e

DOS batch file, ASCII text, with CRLF line terminators

RVN-FAILOVER-POOL-SAMPLES.cmd

c96a2b4a6cdcdcc8cf44aaf427e4dea9

DOS batch file, ASCII text, with CRLF line terminators

skunk-temp-limit-sample.cmd

0cf692d9ad97aa7e5ae83911e2ae6020

DOS batch file, ASCII text, with CRLF line terminators

vcruntime140.dll

edf9d5c18111d82cf10ec99f6afa6b47

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

x17-[XVG]-zpool.ca.cmd

2c26dcbb7f044c3da358868881364323

DOS batch file, ASCII text, with CRLF line terminators

z-enemy.exe

5f7213da79b746f38e116db0d39d842b

PE32+ executable (console) x86-64, for MS Windows, 14 sections

[BCD]-Bitcoin_Diamond.cmd

ecb32edf74cb580c2762d67a05db9b13

DOS batch file, ASCII text, with CRLF line terminators

bitcore-[BTX]-zergpool.com.cmd

bed89e6cf00732dcf4985614906bbd66

DOS batch file, ASCII text, with CRLF line terminators

config.json

e977a31641c45462f95b5ab1e8966f3a

JSON text data

help.txt

6fbeae30bf75e0f5048eed330f800659

ASCII text, with CRLF line terminators

json_api_help.txt

d9af4444e413fceeba85738a5f2b8412

ASCII text, with CRLF line terminators

nvrtc64_91.dll

f0002b24de3791b4a61c495a31135878

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

nvrtc-builtins64_91.dll

1bc7b8d01451f8aec3b7436545d9670b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections

phi2-[LuX]-Bsod.cmd

7355d3ef9cf1167180b0979ea1e54a47

DOS batch file, ASCII text, with CRLF line terminators

README.txt

78b3f74473f8a8d733b00912e4484de8

ASCII text, with CRLF line terminators

restart-fix.reg

467021c84869bb9db9e6ebcac7e76caf

Windows Registry little-endian text (Win2K or above)

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
VirusTotal	malicious	VirusTotal - Scan result 23/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/zealot-rvn/z-enemy/releases/download/kawpow262/z-enemy-2.6.2-win-cuda9.1.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/zealot-rvn/z-enemy/releases/download/kawpow262/z-enemy-2.6.2-win-cuda9.1.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zealot-rvn/z-enemy/releases/download/kawpow262/z-enemy-2.6.2-win-cuda9.1.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Thu, 28 Mar 2024 15:20:30 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/261728188/baa1a380-9837-11ea-8e22-be3f942fd59b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T152030Z&X-Amz-Expires=300&X-Amz-Signature=f06625be293c65c6ee1ccfeb1882bff903da2131914132a5aebdd5f8734c42fa&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=261728188&response-content-disposition=attachment%3B%20filename%3Dz-enemy-2.6.2-win-cuda9.1.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: B2BF:1806DD:1248B0A:1271287:66058ABE
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/261728188/baa1a380-9837-11ea-8e22-be3f942fd59b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T152030Z&X-Amz-Expires=300&X-Amz-Signature=f06625be293c65c6ee1ccfeb1882bff903da2131914132a5aebdd5f8734c42fa&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=261728188&response-content-disposition=attachment%3B%20filename%3Dz-enemy-2.6.2-win-cuda9.1.zip&response-content-type=application%2Foctet-stream

185.199.111.133

200 OK

19 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/261728188/baa1a380-9837-11ea-8e22-be3f942fd59b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T152030Z&X-Amz-Expires=300&X-Amz-Signature=f06625be293c65c6ee1ccfeb1882bff903da2131914132a5aebdd5f8734c42fa&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=261728188&response-content-disposition=attachment%3B%20filename%3Dz-enemy-2.6.2-win-cuda9.1.zip&response-content-type=application%2Foctet-stream
IP
185.199.111.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
19 MB (19193821 bytes)
Hash
ba17610af3cfbc449568660bfce71c6c
6eb001d8b4d1b12af87046cface9d4775207616a
fb8fa6d03a819efec9c0e038c08f3eaceac025fdd21e00c996b65e75f69a5585

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/62

HTTP Headers

GET /github-production-release-asset-2e65be/261728188/baa1a380-9837-11ea-8e22-be3f942fd59b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T152030Z&X-Amz-Expires=300&X-Amz-Signature=f06625be293c65c6ee1ccfeb1882bff903da2131914132a5aebdd5f8734c42fa&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=261728188&response-content-disposition=attachment%3B%20filename%3Dz-enemy-2.6.2-win-cuda9.1.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 13:09:50 GMT
etag: "0x8D9B982D9FB7B27"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2b3fed32-d01e-0064-1223-8110cd000000
x-ms-version: 2020-10-02
x-ms-creation-time: Tue, 17 Aug 2021 11:12:39 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=z-enemy-2.6.2-win-cuda9.1.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Thu, 28 Mar 2024 15:20:31 GMT
x-served-by: cache-iad-kcgs7200118-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 4, 0
x-timer: S1711639231.623821,VS0,VE553
content-length: 19193821
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers