Report Overview
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
203.86.233.138 | unknown | unknown | 2013-11-27 | 2022-05-03 | 477 B | 3.8 MB | 203.86.233.138 |
Related reports
Network Intrusion Detection Systems
Suricata w/ Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-25 | medium | 203.86.233.138 | Sinkholed |
ThreatFox
No alerts detected
Files detected
URL
203.86.233.138/Dism.zip
IP
203.86.233.138
ASN
#133380 Layerstack Limited
File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.8 MB (3768666 bytes)
Hash
6da9c7006340c218499c500754c468ce
8f313a038d26c07105806529fc2d48de05136b63
Archive (44)
Filename | MD5 | File type
---|---|---
bcdboot.exe | be14be7c8f7f0f4e397b89979cb9cf6b | PE32+ executable (console) x86-64, for MS Windows, 6 sections
CBSHost.dll | dd139df87a896b894335e03ece2973bf | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
NCleaner.dll | c2058bcb1607ffb1a9fefd67c2e8f94a | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
wimgapi.dll | 80826a2374b051468ffbd6e85993137d | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
wofadk.sys | fba28d5ac166714737d1d8cdf0aef078 | PE32+ executable (native) x86-64, for MS Windows, 11 sections
CBSHost.dll | d81098bec9f475c3a86e0fa38aeaa537 | PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections
NCleaner.dll | 6f7a31f96e95d9467f755ec806b768ec | PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections
Config.ini | 168e4e4925e5686edfe7b4b5bc6717ac | Unicode text, UTF-16, little-endian text, with CRLF line terminators
Data.zip | c3df4642551b01ee38bc10bc4a06bad6 | Zip archive data, at least v2.0 to extract, compression method=deflate
default.ui.zip | e4b7bef45a8f48832ba59396509dcb76 | Zip archive data, at least v2.0 to extract, compression method=deflate
Dism++.log | 1596d3d9a3a1c1d05d6aa98412dfe7f1 | Unicode text, UTF-16, little-endian text, with CRLF line terminators
bg.zip | d2efe76e6991016ea78d7e65db60a640 | Zip archive data, at least v2.0 to extract, compression method=deflate
cs.zip | 753bec76c97eacffb76a014dad3a1ce7 | Zip archive data, at least v2.0 to extract, compression method=deflate
de.zip | bcfbc20c0a8f1b98bfae74f34226c2d1 | Zip archive data, at least v2.0 to extract, compression method=deflate
en.zip | fd842ba14e068be060d796189a3e8c5f | Zip archive data, at least v2.0 to extract, compression method=deflate
es.zip | 7722877e0a3b724b1ab8376b15c55cde | Zip archive data, at least v2.0 to extract, compression method=deflate
fr.zip | 171bb9ae7e23a67851580c836f3854e8 | Zip archive data, at least v2.0 to extract, compression method=deflate
hu.xml | 2a4a6d7d07527d443249f93418a02733 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (500), with CRLF line terminators
hu.zip | 41a6e34ae471cc90b9726944f7a62ea1 | Zip archive data, at least v2.0 to extract, compression method=deflate
it.zip | eb6d9f6500ba05402346cc565ba91f98 | Zip archive data, at least v2.0 to extract, compression method=deflate
ja.zip | b2cb62a938632c49691d1695fc154797 | Zip archive data, at least v2.0 to extract, compression method=deflate
ko.zip | 9c33b2de43d59605edad7cb749191491 | Zip archive data, at least v2.0 to extract, compression method=deflate
pl-PL.zip | 9b585f34f8ad92d5d53d535c9f2c9a7c | Zip archive data, at least v2.0 to extract, compression method=deflate
pt.zip | ea45df438d131254b09d6273038b9571 | Zip archive data, at least v2.0 to extract, compression method=deflate
ru.zip | 781309626cd2bb7c1d775d86b59c6307 | Zip archive data, at least v2.0 to extract, compression method=deflate
tr.zip | 9d38e9b05583e41ec75c845e1da8d5c4 | Zip archive data, at least v2.0 to extract, compression method=deflate
zh-Hans.zip | a4fa2b5a0f9bc8da19549442aaa0d62d | Zip archive data, at least v2.0 to extract, compression method=deflate
zh-Hant.zip | e3c343994338e738b4e21adeca9b68a3 | Zip archive data, at least v2.0 to extract, compression method=deflate
Plugin.amd64.dll | 67cbf66af892412815d9dd6fc52b693a | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections
Plugin.arm64.dll | 17854fc434cb208b3c590fa627a802ed | PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 8 sections
Plugin.x86.dll | da5b87e7cbc4fff5cc2702b3bf48f372 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections
PluginRes.dll | cab1ebc67ee075f4844c0836b6b29d73 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections
bcdboot.exe | 805a3acfb09848ce0255d20f7b993313 | PE32 executable (console) Intel 80386, for MS Windows, 5 sections
CBSHost.dll | 9966252f6b62752f38bde0ff2970300d | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
NCleaner.dll | 8fd2598d9c61ed8dff6d7bf661bf8287 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
wimgapi.dll | 75faa0992273718b30295af7dd378cc3 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
wofadk.sys | b58305136c4ce3508c0a3c9e48432ac9 | PE32 executable (native) Intel 80386, for MS Windows, 10 sections
Dism++ARM64.exe | 0d97098aca8f5cad88148c8dba117b93 | PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections
Dism++x64.exe | a1a058ff98dc1f9320195b398aa06167 | PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
Dism++x86.exe | 8a5438a49bc5cf8e32aab67d697ceb67 | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
ReadMe for NCleaner.txt | 4388f4b427e15c948147685eb5957da7 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
What's New(Public).txt | f35ac674e9aa1fc6687b2b788c53f4e8 | Unicode text, UTF-16, little-endian text, with CRLF line terminators
(non-ASCII filename garbled in extraction) Dism++x86 (...).txt | d41d8cd98f00b204e9800998ecf8427e | zero-length file (hash is the MD5 of empty input)
(non-ASCII filename garbled in extraction).txt | d41d8cd98f00b204e9800998ecf8427e | zero-length file (hash is the MD5 of empty input)
Detections
Analyzer | Verdict | Alert |
---|---|---|
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity |
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity |
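The report's value for a responder is the IOC set: the archive hashes, the per-member MD5s, and the YARAhub hit on signed kernel drivers (the two wofadk.sys builds are the only .sys members, matching the two `signed_sys_with_vulnerablity` rows). The script below is an added example, not code from the report or from the Dism++ project: it verifies a downloaded archive against the report's MD5/SHA-1, then walks the zip in memory and flags members whose MD5 matches the listed driver hashes, any .sys member (kernel code, a bring-your-own-vulnerable-driver candidate regardless of hash), zero-length members (MD5 `d41d8cd9...`, as on the two garbled .txt names), and nested zips that need recursive extraction. The sample archive it builds is constructed here with the report's member names and fake contents, so its hashes deliberately do not match the report.

```python
"""Offline triage of a Dism.zip sample against the IOCs listed in the report.

Added example (not part of the report or the Dism++ project). Hashes are
copied from the report; build_sample_zip() is a constructed stand-in whose
contents are fake, so only the flag logic, not the hash match, fires on it.
"""
import hashlib
import io
import zipfile

# Archive-level hashes from the report (MD5, SHA-1).
ARCHIVE_MD5 = "6da9c7006340c218499c500754c468ce"
ARCHIVE_SHA1 = "8f313a038d26c07105806529fc2d48de05136b63"

# Member MD5s from the report for the two wofadk.sys builds flagged by YARAhub.
DRIVER_MD5S = {
    "fba28d5ac166714737d1d8cdf0aef078": "wofadk.sys (x86-64)",
    "b58305136c4ce3508c0a3c9e48432ac9": "wofadk.sys (i386)",
}
# MD5 of zero bytes; the two garbled .txt members in the report carry it.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def file_hashes(data: bytes) -> tuple[str, str]:
    """Return (md5, sha1) hex digests of a byte string."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def matches_report(data: bytes) -> bool:
    """True when the bytes hash to exactly the archive the report describes."""
    return file_hashes(data) == (ARCHIVE_MD5, ARCHIVE_SHA1)


def triage_zip(zip_bytes: bytes) -> list[dict]:
    """Walk every member of a zip held in memory and attach triage flags.

    ioc_driver    member MD5 equals one of the report's wofadk.sys hashes
    kernel_driver .sys extension (kernel code; BYOVD candidate even if the hash differs)
    empty         zero-length member (MD5 d41d8cd9...)
    nested_zip    member starts with a zip local-file header (extract recursively)
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # members here are small; read whole
            md5, _ = file_hashes(data)
            flags = []
            if md5 in DRIVER_MD5S:
                flags.append("ioc_driver")
            if info.filename.lower().endswith(".sys"):
                flags.append("kernel_driver")
            if md5 == EMPTY_MD5:
                flags.append("empty")
            if data[:4] == b"PK\x03\x04":
                flags.append("nested_zip")
            findings.append({"name": info.filename, "size": info.file_size,
                             "md5": md5, "flags": flags})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per flag for a one-line verdict."""
    counts: dict[str, int] = {}
    for f in findings:
        for flag in f["flags"]:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


def build_sample_zip() -> bytes:
    """Constructed stand-in for Dism.zip: report member names, fake contents."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("strings.xml", "<strings/>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:  # report: method=store
        z.writestr("x64/wofadk.sys", b"MZ" + b"\x00" * 62 + b"fake driver body")
        z.writestr("Config.ini", "[Dism++]\r\n".encode("utf-16-le"))
        z.writestr("Data.zip", inner.getvalue())
        z.writestr("ReadMe for NCleaner.txt", b"")  # zero-length, like the garbled .txt members
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("archive matches report:", matches_report(sample))  # False for the constructed sample
    for f in triage_zip(sample):
        print(f"{f['name']:<28} {f['size']:>8} {f['md5']} {' '.join(f['flags'])}")
    print(summarize(triage_zip(sample)))
```

To use it on a real capture, replace `build_sample_zip()` with the bytes of the downloaded archive; `matches_report()` should then be True, and the two wofadk.sys members should carry both `ioc_driver` and `kernel_driver`. A `.sys` that carries `kernel_driver` but not `ioc_driver` is a repacked or updated driver and needs its own signature and vulnerability check rather than dismissal.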
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size
---|---|---|---
203.86.233.138/Dism.zip | 203.86.233.138 | 200 OK | 3.8 MB