Report - 203.86.233.138/Dism.zip

Report Overview

Submitted URL
203.86.233.138/Dism.zip
IP
203.86.233.138
ASN
#133380 Layerstack Limited
Submitted
2024-04-25 06:52:17
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
203.86.233.138	unknown	unknown	2013-11-27	2022-05-03	477 B	3.8 MB	203.86.233.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	203.86.233.138	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
203.86.233.138/Dism.zip
IP
203.86.233.138
ASN
#133380 Layerstack Limited

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.8 MB (3768666 bytes)
Hash
6da9c7006340c218499c500754c468ce
8f313a038d26c07105806529fc2d48de05136b63
3d49daaf15d31eb8e3a72a2c843879e7864754ee74ba98e9741af911e7d1f245

Archive (44)

Filename

Md5

File type

bcdboot.exe

be14be7c8f7f0f4e397b89979cb9cf6b

PE32+ executable (console) x86-64, for MS Windows, 6 sections

CBSHost.dll

dd139df87a896b894335e03ece2973bf

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

NCleaner.dll

c2058bcb1607ffb1a9fefd67c2e8f94a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

wimgapi.dll

80826a2374b051468ffbd6e85993137d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

wofadk.sys

fba28d5ac166714737d1d8cdf0aef078

PE32+ executable (native) x86-64, for MS Windows, 11 sections

CBSHost.dll

d81098bec9f475c3a86e0fa38aeaa537

PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections

NCleaner.dll

6f7a31f96e95d9467f755ec806b768ec

PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections

Config.ini

168e4e4925e5686edfe7b4b5bc6717ac

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Data.zip

c3df4642551b01ee38bc10bc4a06bad6

Zip archive data, at least v2.0 to extract, compression method=deflate

default.ui.zip

e4b7bef45a8f48832ba59396509dcb76

Zip archive data, at least v2.0 to extract, compression method=deflate

Dism++.log

1596d3d9a3a1c1d05d6aa98412dfe7f1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

bg.zip

d2efe76e6991016ea78d7e65db60a640

Zip archive data, at least v2.0 to extract, compression method=deflate

cs.zip

753bec76c97eacffb76a014dad3a1ce7

Zip archive data, at least v2.0 to extract, compression method=deflate

de.zip

bcfbc20c0a8f1b98bfae74f34226c2d1

Zip archive data, at least v2.0 to extract, compression method=deflate

en.zip

fd842ba14e068be060d796189a3e8c5f

Zip archive data, at least v2.0 to extract, compression method=deflate

es.zip

7722877e0a3b724b1ab8376b15c55cde

Zip archive data, at least v2.0 to extract, compression method=deflate

fr.zip

171bb9ae7e23a67851580c836f3854e8

Zip archive data, at least v2.0 to extract, compression method=deflate

hu.xml

2a4a6d7d07527d443249f93418a02733

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (500), with CRLF line terminators

hu.zip

41a6e34ae471cc90b9726944f7a62ea1

Zip archive data, at least v2.0 to extract, compression method=deflate

it.zip

eb6d9f6500ba05402346cc565ba91f98

Zip archive data, at least v2.0 to extract, compression method=deflate

ja.zip

b2cb62a938632c49691d1695fc154797

Zip archive data, at least v2.0 to extract, compression method=deflate

ko.zip

9c33b2de43d59605edad7cb749191491

Zip archive data, at least v2.0 to extract, compression method=deflate

pl-PL.zip

9b585f34f8ad92d5d53d535c9f2c9a7c

Zip archive data, at least v2.0 to extract, compression method=deflate

pt.zip

ea45df438d131254b09d6273038b9571

Zip archive data, at least v2.0 to extract, compression method=deflate

ru.zip

781309626cd2bb7c1d775d86b59c6307

Zip archive data, at least v2.0 to extract, compression method=deflate

tr.zip

9d38e9b05583e41ec75c845e1da8d5c4

Zip archive data, at least v2.0 to extract, compression method=deflate

zh-Hans.zip

a4fa2b5a0f9bc8da19549442aaa0d62d

Zip archive data, at least v2.0 to extract, compression method=deflate

zh-Hant.zip

e3c343994338e738b4e21adeca9b68a3

Zip archive data, at least v2.0 to extract, compression method=deflate

Plugin.amd64.dll

67cbf66af892412815d9dd6fc52b693a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

Plugin.arm64.dll

17854fc434cb208b3c590fa627a802ed

PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 8 sections

Plugin.x86.dll

da5b87e7cbc4fff5cc2702b3bf48f372

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

PluginRes.dll

cab1ebc67ee075f4844c0836b6b29d73

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

bcdboot.exe

805a3acfb09848ce0255d20f7b993313

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

CBSHost.dll

9966252f6b62752f38bde0ff2970300d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

NCleaner.dll

8fd2598d9c61ed8dff6d7bf661bf8287

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

wimgapi.dll

75faa0992273718b30295af7dd378cc3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

wofadk.sys

b58305136c4ce3508c0a3c9e48432ac9

PE32 executable (native) Intel 80386, for MS Windows, 10 sections

Dism++ARM64.exe

0d97098aca8f5cad88148c8dba117b93

PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections

Dism++x64.exe

a1a058ff98dc1f9320195b398aa06167

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Dism++x86.exe

8a5438a49bc5cf8e32aab67d697ceb67

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

ReadMe for NCleaner.txt

4388f4b427e15c948147685eb5957da7

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

What's New(Public).txt

f35ac674e9aa1fc6687b2b788c53f4e8

Unicode text, UTF-16, little-endian text, with CRLF line terminators

˫�� Dism++x86 ��.txt

d41d8cd98f00b204e9800998ecf8427e

��Ƚ�ѹ��Ȼ��У��.txt

d41d8cd98f00b204e9800998ecf8427e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

203.86.233.138/Dism.zip

203.86.233.138

200 OK

3.8 MB

URL User Request GET HTTP/2
203.86.233.138/Dism.zip
IP
203.86.233.138:443
ASN
#133380 Layerstack Limited

Certificate
IssuerZeroSSL
Subject203.86.233.138
Fingerprint70:D4:2F:4B:B0:F0:6B:48:24:EA:3D:63:A9:34:09:CD:C4:62:F4:A4
ValiditySat, 20 Apr 2024 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.8 MB (3768666 bytes)
Hash
6da9c7006340c218499c500754c468ce
8f313a038d26c07105806529fc2d48de05136b63
3d49daaf15d31eb8e3a72a2c843879e7864754ee74ba98e9741af911e7d1f245

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Dism.zip HTTP/1.1
Host: 203.86.233.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-zip-compressed
last-modified: Thu, 18 Apr 2024 20:22:46 GMT
accept-ranges: bytes
etag: "9c693e2dce91da1:0"
server: Microsoft-IIS/10.0
date: Thu, 25 Apr 2024 06:51:50 GMT
content-length: 3768666
X-Firefox-Spdy: h2