Report - github.com/Flowseal/zapret-discord-youtube/releases/download/1.6.5/zapret-discord-youtube-1.6.5.zip

Report Overview

Visitedpublic

2025-04-24 18:19:30

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
github.com	1423	2007-10-09	2016-07-13	2025-04-23	567 B	1.3 MB	140.82.121.4
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-04-23	989 B	1.3 MB	185.199.111.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-release-asset-2e65be/869741127/3de501fa-c80b-47e8-87f1-b59a5ec471f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250424T181857Z&X-Amz-Expires=300&X-Amz-Signature=653d5fb9dd904f6c92619ac7a8e042fc5f33c921043dd675d1530aca22460293&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dzapret-discord-youtube-1.6.5.zip&response-content-type=application%2Foctet-stream

IP / ASN

185.199.111.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=store

Size1.3 MB (1306115 bytes)

MD53f108330ccbebee2d2ef2ed59fd45f7c

SHA1f84c7cc864c9cdf70b486871acd052bc4a081522

SHA256730764ddbdfc482d723f843a4271e73db9adbb5d3b810e836551d20e138b439e

Archive (25)

Modified	Filename	Size	MD5	File type
2025-04-01 20:02	cygwin1.dll	3.0 MB	a1c82ed072dc079dd7851f82d9aa7678	PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections
2025-04-01 20:02	quic_initial_www_google_com.bin	1.2 kB	312526d39958d89b1f8ab67789ab985f	data
2025-04-01 20:02	tls_clienthello_www_google_com.bin	681 B	41e47557f16690df1781f67c8712714e	data
2025-04-01 20:02	WinDivert.dll	48 kB	b2014d33ee645112d5dc16fe9d9fcbff	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2025-04-01 20:02	WinDivert64.sys	94 kB	89ed5be7ea83c01d0de33d3519944aa5	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2025-04-01 20:02	winws.exe	166 kB	ec12efe5edcbfb6a3f04f433734aea76	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
2025-04-01 20:02	check_updates.bat	1.4 kB	36f51b1fa2b4409e0eca7acc03ec4e50	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	discord.bat	763 B	6717bd1f6b165e102781520c134539b2	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (ALT).bat	1.4 kB	44c78e0fdec6bd68537d2de3943e88f4	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (ALT2).bat	1.4 kB	beed776c1fe3612f435161af55d799fa	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (ALT3).bat	1.3 kB	ed66b1ff2170e48e50accbde8e906c8d	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (ALT4).bat	1.4 kB	5f7d5cfc0de9812c1525ccf2a676a3f2	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (ALT5).bat	1.1 kB	413f9095499936948e630730ba7b091d	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (FAKE TLS MOD).bat	1.2 kB	f7624127fe73cf76f1135782d0a8394e	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (��).bat	1.4 kB	e15b4c26cf28fef7ded350c9108d4842	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general (��2).bat	1.4 kB	6131185da2e029fa858f1d3c0a705b24	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	general.bat	1.4 kB	d05473d7509de480c08411a5fa6182d7	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	ipset-cloudflare.txt	244 B	d256a743a5963f779ce3ede0b1ff4659	ASCII text, with CRLF line terminators
2025-04-01 20:02	ipset-discord.txt	12 kB	d5b37e29762fbeabc4b54668528833bd	ASCII text, with CRLF line terminators
2025-04-01 20:02	list-discord.txt	447 B	c51a0326ffa03cd00c659a1772a4e3fc	ASCII text, with CRLF line terminators
2025-04-01 20:02	list-general.txt	797 B	56aa64ba9ee5ea3ec57f15b32db81ee1	ASCII text, with CRLF line terminators
2025-04-01 20:02	README.md	9.1 kB	0b8df5a40d1c48efd021844c07ae697b	HTML document, Unicode text, UTF-8 text, with very long lines (301), with CRLF line terminators
2025-04-01 20:02	service_install.bat	3.3 kB	4590b515dd01bd8c34839e09fe76de5c	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	service_remove.bat	452 B	cd1c7eec85e77b38aec99aae5a1b4db9	DOS batch file, ASCII text, with CRLF line terminators
2025-04-01 20:02	service_status.bat	783 B	a7fe0d591a90692afb3a19699520b2c9	DOS batch file, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/65

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size