Report - len.im/usr/uploads/2022/02/11018795.zip

Report Overview

Submitted URL
len.im/usr/uploads/2022/02/11018795.zip
IP
45.128.222.33
ASN
#55933 Cloudie Limited
Submitted
2024-04-25 11:47:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
len.im	unknown	unknown	2020-04-27	2023-11-09	493 B	1.4 MB	45.128.222.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
len.im/usr/uploads/2022/02/11018795.zip
IP
45.128.222.33
ASN
#55933 Cloudie Limited

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.4 MB (1388445 bytes)
Hash
2161ff909f34e3f3d96a9a4233f167ec
219d27aca1e2a681a3d646ad69f609ad70b57c95
a6dd0fda5e671726af377009d23b103325584337cbcd1353a72a3f3433cc721f

Archive (60)

Filename

Md5

File type

AppdataInfo.txt

66839d97fc7f78f90689116bc159aa44

Unicode text, UTF-16, little-endian text, with CRLF line terminators

excludepath.txt

dda8fbcadceea33c21eb1cac61baf073

Unicode text, UTF-16, little-endian text, with CRLF line terminators

folder.txt

0201ee92161eca8d5de7b5330aec65bf

Unicode text, UTF-16, little-endian text, with CRLF line terminators

GitCode��.vbs

3a976611187b9ea1b9a0a2e254a457d8

assembler source, ISO-8859 text, with CRLF line terminators

Gitee��.vbs

557a581a299b79d43c44b0aa4af946d7

assembler source, ISO-8859 text, with CRLF line terminators

scanpath.txt

0269b9f9f3869630bf0cf9302ab842a6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

sign.txt

ef4d8dfddc220a65d1786fd71613644a

Unicode text, UTF-16, little-endian text, with CRLF line terminators

whitepath.txt

f6210f542c5c2fd33d48a16236bb4b76

Unicode text, UTF-16, little-endian text, with CRLF line terminators

��folder˵��.txt

3a15803e2cdb5cff172604dcf22c8bb2

Unicode text, UTF-16, little-endian text, with CRLF line terminators

��ǩsign˵��.txt

0bdf859c1235bc2039e0635adfc9d519

Unicode text, UTF-16, little-endian text, with CRLF line terminators

��˵��.txt

1bfb46579a4a49f162c2f70fc60fda41

ISO-8859 text, with CRLF line terminators

SoftCnKiller.exe

fae706f5b746d53b441296ac315e5353

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

ʹ��ǰ��å��.bat

4ada6bfd85c9e261903011c4f29c608d

DOS batch file, ISO-8859 text, with CRLF line terminators

��λ.exe

588daac86508164ed190ec7360db89ba

PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections

΢��.png

9e0dc55f094eea396eb679d47bc9944d

PNG image data, 1037 x 1037, 8-bit/color RGBA, non-interlaced

bat.reg

27f43a775df908cfe0c3882caa49e01f

Windows Registry little-endian text (Win2K or above)

cmd.reg

7ccf003d830711b738e852e82595b999

Windows Registry little-endian text (Win2K or above)

com.reg

9c85e5dec22d116537aab872765c6701

Windows Registry little-endian text (Win2K or above)

exe.reg

16411f056a92b0d6a7cd4428aa623418

Windows Registry little-endian text (Win2K or above)

ini.reg

263438b84ce8e812c69fee5e2cdd9a8a

Windows Registry little-endian text (Win2K or above)

lnk.reg

9eb851f41dc83118ad24eb769f8aa40a

Windows Registry little-endian text (Win2K or above)

log.reg

42508377c3ac10a72355243e49adc66b

Windows Registry little-endian text (Win2K or above)

pif.reg

b4adbbd8ba4104073c7c8b32d6fe42ec

Windows Registry little-endian text (Win2K or above)

txt.reg

0d8b79ab3a8b7afaa2c7056cf4f1168b

Windows Registry little-endian text (Win2K or above)

vbs.reg

16b8a9b7ebbc852e6f8fca66d8a7d1ef

Windows Registry little-endian text (Win2K or above)

ȫ��.bat

ba0e77c589fd70ccc9cec6273bb6b1db

DOS batch file, ASCII text, with CRLF line terminators

bat.reg

27f43a775df908cfe0c3882caa49e01f

Windows Registry little-endian text (Win2K or above)

cmd.reg

7ccf003d830711b738e852e82595b999

Windows Registry little-endian text (Win2K or above)

com.reg

134e749d1443574d3bfcd1e3bbfc5f3c

Windows Registry little-endian text (Win2K or above)

exe.reg

14c81b4106064f1b6f4fb674e2a9c774

Windows Registry little-endian text (Win2K or above)

ini.reg

7a4ee3cea6a2df30e83de0c02ffa0c31

Windows Registry little-endian text (Win2K or above)

lnk.reg

402496f016c4a995ada19c8bdd47fc6e

Windows Registry little-endian text (Win2K or above)

log.reg

3753c417ce3e2a8e28eb4e6e7ee9210c

Windows Registry little-endian text (Win2K or above)

pif.reg

0f0e410dfe9459cbd8bfb0e7ffd47c18

Windows Registry little-endian text (Win2K or above)

txt.reg

1a829f6b8cf60c15aec02006aaf5d2d4

Windows Registry little-endian text (Win2K or above)

vbs.reg

16b8a9b7ebbc852e6f8fca66d8a7d1ef

Windows Registry little-endian text (Win2K or above)

ȫ��.bat

ba0e77c589fd70ccc9cec6273bb6b1db

DOS batch file, ASCII text, with CRLF line terminators

bat.reg

27f43a775df908cfe0c3882caa49e01f

Windows Registry little-endian text (Win2K or above)

cmd.reg

7ccf003d830711b738e852e82595b999

Windows Registry little-endian text (Win2K or above)

com.reg

9c85e5dec22d116537aab872765c6701

Windows Registry little-endian text (Win2K or above)

exe.reg

7137433c37014640d215e63f5638c45e

Windows Registry little-endian text (Win2K or above)

ini.reg

263438b84ce8e812c69fee5e2cdd9a8a

Windows Registry little-endian text (Win2K or above)

lnk.reg

054c353019f6cf7e81c9a2334a8f3490

Windows Registry little-endian text (Win2K or above)

log.reg

42508377c3ac10a72355243e49adc66b

Windows Registry little-endian text (Win2K or above)

pif.reg

4ad499cde88cad01999cad6b2fb4a4cf

Windows Registry little-endian text (Win2K or above)

txt.reg

258a8b3aa238b49100a8f341dba00da4

Windows Registry little-endian text (Win2K or above)

vbs.reg

16b8a9b7ebbc852e6f8fca66d8a7d1ef

Windows Registry little-endian text (Win2K or above)

ȫ��.bat

ba0e77c589fd70ccc9cec6273bb6b1db

DOS batch file, ASCII text, with CRLF line terminators

bat.reg

faab8720c3395986de9bd3c75218d105

Windows Registry little-endian text (Win2K or above)

cmd.reg

abf75c976cc69e2f9579db8963a41404

Windows Registry little-endian text (Win2K or above)

com.reg

538839aa98bfe6901e05d00f3fa0b6bc

Windows Registry little-endian text (Win2K or above)

exe.reg

66786556b56ebc37ae02a38d40a7445f

Windows Registry little-endian text (Win2K or above)

ini.reg

eeafee5673d3ae474f82bbd9639daa57

Windows Registry little-endian text (Win2K or above)

lnk.reg

828fab31636da3a6c18ec7913e9bc233

Windows Registry little-endian text (Win2K or above)

log.reg

6719ced656ccfd2cbee33519374fb4d3

Windows Registry little-endian text (Win2K or above)

pif.reg

49190255871c36e0a611f2799fcc1ad7

Windows Registry little-endian text (Win2K or above)

txt.reg

6cbf21d463aaafea8394e9ec4dfe2fee

Windows Registry little-endian text (Win2K or above)

vbs.reg

9d4819493830e4f70aa93c5af52550a0

Windows Registry little-endian text (Win2K or above)

ȫ��.bat

24a05f77e9d615fd175aa196caf198bd

ASCII text, with CRLF line terminators

ѡ��ǰϵͳ��ͬ��ļ��н��룬ɱ��

d41d8cd98f00b204e9800998ecf8427e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

len.im/usr/uploads/2022/02/11018795.zip

45.128.222.33

200 OK

1.4 MB

URL User Request GET HTTP/2
len.im/usr/uploads/2022/02/11018795.zip
IP
45.128.222.33:443
ASN
#55933 Cloudie Limited

Certificate
IssuerLet's Encrypt
Subjectlen.im
FingerprintF5:F2:E5:20:F8:DE:13:2D:A1:34:35:F9:43:F5:4F:36:1A:B1:C2:69
ValidityWed, 17 Apr 2024 15:10:27 GMT - Tue, 16 Jul 2024 15:10:26 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.4 MB (1388445 bytes)
Hash
2161ff909f34e3f3d96a9a4233f167ec
219d27aca1e2a681a3d646ad69f609ad70b57c95
a6dd0fda5e671726af377009d23b103325584337cbcd1353a72a3f3433cc721f

HTTP Headers

GET /usr/uploads/2022/02/11018795.zip HTTP/1.1
Host: len.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 11:47:18 GMT
content-type: application/zip
content-length: 1388445
last-modified: Thu, 17 Feb 2022 04:33:20 GMT
etag: "620dd010-152f9d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2