Report Overview
Visitedpublic
2024-08-01 15:08:00
Tags
Submit Tags
URL
raw.githubusercontent.com/returnvar/wce/master/wce.exe
Finishing URL
about:privatebrowsing
IP / ASN
185.199.110.133
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
r10.o.lencr.org | unknown | 2020-06-29 | 2024-06-06 21:45:11 | 2024-07-31 18:12:05 | 2.6 kB | 7.1 kB |  23.33.119.27 | |
raw.githubusercontent.com 8 alert(s) on this Host | 35802 | 2014-02-06 | 2014-03-01 08:08:08 | 2024-07-31 19:04:38 | 508 B | 209 kB | 185.199.110.133 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Auto-generated rule - file iam-alt.exe |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Detects different hacktools based on their imphash |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | wce |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Windows Credential Editor |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Detects Amplia Security Tool like Windows Credential Editor |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Modified (packed) version of Windows Credential Editor |
| 2024-08-01 | medium | raw.githubusercontent.com/returnvar/wce/master/wce.exe | Identifies Windows Credentials Editor (WCE), post-exploitation tool. |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
raw.githubusercontent.com/returnvar/wce/master/wce.exe
IP / ASN
185.199.110.133
File Overview
File TypePE32 executable (console) Intel 80386, for MS Windows, 5 sections
Size208 kB (208384 bytes)
MD5df840ac27051d26555a109cc47d03fe4
SHA1bbe417463e04008bea15a5fe6d1dd5445a7d093c
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Auto-generated rule - file iam-alt.exe |
| Public Nextron YARA rules | malware | Detects different hacktools based on their imphash |
| Public Nextron YARA rules | malware | wce |
| Public Nextron YARA rules | malware | Windows Credential Editor |
| Public Nextron YARA rules | malware | Detects Amplia Security Tool like Windows Credential Editor |
| Public Nextron YARA rules | malware | Modified (packed) version of Windows Credential Editor |
| Public InfoSec YARA rules | malware | Identifies Windows Credentials Editor (WCE), post-exploitation tool. |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (9)
| URL | IP | Response | Size |
|---|