Report - d171.dvdfab.cn/download/67_13026_3f942afe/dvdfab13_x64

Report Overview

Visitedpublic

2025-03-11 11:49:40

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
d171.dvdfab.cn	unknown	2014-03-10	2024-03-06	2025-02-28	532 B	26 MB	172.67.69.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-03-11	medium	d171.dvdfab.cn/download/67_13026_3f942afe/dvdfab13_x64_13026.exe	Detect pe file that no import table

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

d171.dvdfab.cn/download/67_13026_3f942afe/dvdfab13_x64_13026.exe

IP / ASN

172.67.69.59

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size26 MB (25820893 bytes)

MD58b52f2d1f504637985932b0bd75c8608

SHA1036b58c7790e5316ecfd4a32c218fc40e32b6cb1

SHA25662bce7176dfe5d14ba402233be117c47ffaa6e94b5fd62fab1924762f14cf7e7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET d171.dvdfab.cn/download/67_13026_3f942afe/dvdfab13_x64_13026.exe

172.67.69.59

200 OK

26 MB

URL User Request GET HTTPS

d171.dvdfab.cn/download/67_13026_3f942afe/dvdfab13_x64_13026.exe

IP / ASN

172.67.69.59

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2025-03-11

Last Seen2025-04-11

Times Seen2

Size26 MB (25820893 bytes)

MD58b52f2d1f504637985932b0bd75c8608

SHA1036b58c7790e5316ecfd4a32c218fc40e32b6cb1

SHA25662bce7176dfe5d14ba402233be117c47ffaa6e94b5fd62fab1924762f14cf7e7

Certificate Info

IssuerGoogle Trust Services

Subjectdvdfab.cn

Fingerprint17:6D:F0:26:C9:98:C5:37:5B:86:7C:12:D5:9E:6B:F5:B8:0B:53:F0

ValiditySat, 25 Jan 2025 13:19:33 GMT - Fri, 25 Apr 2025 14:19:23 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

HTTP Headers

GET /download/67_13026_3f942afe/dvdfab13_x64_13026.exe HTTP/1.1
Host: d171.dvdfab.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Mar 2025 11:49:19 GMT
content-type: application/octet-stream
content-length: 329056264
cf-ray: 91ead3e7dc900b55-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
etag: "66d6f277-139d0008"
last-modified: Tue, 03 Sep 2024 11:26:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=awCBCTeavq8CiKL269o9cHqKx4lnFTbBxNyO%2FCn80yQHlNbbasOga5LjHradVDteMlAARM97olJ7oefNFPOx7Z4tLHZHOLm9aM1WmUcq7j%2B2uQaPxVtHcBbCCXgShyr%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=63362&min_rtt=57349&rtt_var=23885&sent=8&recv=9&lost=0&retrans=0&sent_bytes=3187&recv_bytes=1160&delivery_rate=63333&cwnd=250&unsent_bytes=0&cid=f66c03dd42e0c078&ts=1371&x=0"
X-Firefox-Spdy: h2