Report - drivers.plus/get/7/d/b/4/d/0004-RtsXStor

Report Overview

Submitted URL
drivers.plus/get/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip
IP
172.67.153.154
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 20:18:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download-eu.drivers.plus	unknown	2019-04-20	2019-11-25	2024-04-12	576 B	18 MB	172.67.153.154
drivers.plus	102387	2019-04-20	2019-07-21	2024-04-12	513 B	18 MB	172.67.153.154

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download-eu.drivers.plus/download/Pbif_pV7QWTYGwfqKw1oLw/1713386276/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip
IP
172.67.153.154
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
18 MB (18134764 bytes)
Hash
1d2f2a05c7cd04d528df38629b9f0e5c
00a8a41000d36b0343c724dc21caec5d3e0343dc
7db4deb0f6a9c73ced99b99cd0e8c6b2e6fdc64e587fd2cf9c3c0cd11de7de0f

Archive (96)

Filename

Md5

File type

0x0402.ini

6f82f2efc4a5da513e0222f47fb5fc2d

Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators

0x0403.ini

04b3d8be6e6f17f13a3be3f24e3ac1b0

Unicode text, UTF-16, little-endian text, with very long lines (340), with CRLF line terminators

0x0404.ini

ec1f8f71fa21c49bc96a17c81ad51598

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0405.ini

9fb56981dd06830b30cd9cadf54270d6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0406.ini

7c6ad5705b8c076697c1ca0eb6229f6f

Unicode text, UTF-16, little-endian text, with very long lines (316), with CRLF line terminators

0x0407.ini

9a62da6c523506355c1bf1b30db73edd

Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators

0x0408.ini

c7a740c71fb3779c8ae2626729a44389

Unicode text, UTF-16, little-endian text, with very long lines (389), with CRLF line terminators

0x0409.ini

be345d0260ae12c5f2f337b17e07c217

Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators

0x040a.ini

e872c54c58eef055bc791d3eead093c3

Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators

0x040b.ini

48dd00b7d72fb37f937db5714bf8a725

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x040c.ini

35989450c8121207917f04d1ebe4ca2a

Unicode text, UTF-16, little-endian text, with very long lines (317), with CRLF line terminators

0x040e.ini

a143f6d5ac3832b025c9d04855a790fd

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0410.ini

f89fc24fce7b72a6c9a6e1f9e7b22d8a

Unicode text, UTF-16, little-endian text, with very long lines (304), with CRLF line terminators

0x0411.ini

6ebbb5d67423d8d85f1688b561bf5304

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0412.ini

73e70a6b9354e80237c8e2b3170830a0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0413.ini

dc1c05a9fce06cf659c20aed317dd417

Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators

0x0414.ini

e526541768a0b9a3618a2894a8e2447e

Unicode text, UTF-16, little-endian text, with very long lines (327), with CRLF line terminators

0x0415.ini

3a87540523d5a3a31bdf99d89e3b7eec

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0416.ini

76740d1a6e424e9803e3808205b32003

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0418.ini

21b6308422fac36fadd143bc7166d082

Unicode text, UTF-16, little-endian text, with very long lines (339), with CRLF line terminators

0x0419.ini

d12957cbc8d709ddacb854ccb7e09bea

Unicode text, UTF-16, little-endian text, with very long lines (365), with CRLF line terminators

0x041a.ini

fb6a3f20ce97f400dbf455f7a1c204f0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041b.ini

0bee9dd7762e406f7a2396788a00d2c9

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041d.ini

93369d4b2cce8b9de7c55e8e5fcedc30

Unicode text, UTF-16, little-endian text, with very long lines (343), with CRLF line terminators

0x041e.ini

8ffded15081f4deb72f57fa5d2311930

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041f.ini

a27cbe2097f5b565ef28aa45ede705d8

Unicode text, UTF-16, little-endian text, with very long lines (306), with CRLF line terminators

0x0421.ini

71d320ad6f04473c8e9e6bb8d524d882

Unicode text, UTF-16, little-endian text, with very long lines (374), with CRLF line terminators

0x0424.ini

7231ba1301dba9e30ea0872f7cf0bbb0

Unicode text, UTF-16, little-endian text, with very long lines (342), with CRLF line terminators

0x042d.ini

7899609e5715a75703315c90b5587a47

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0804.ini

3d94ea458231bb249e464a3246e47d39

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0816.ini

778d180bc04720f5bbff25e3d750bbda

Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators

0x0c0c.ini

62888396ed6fa3cacd828b6819a2cedf

Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators

0x0c1a.ini

86c914540b0c3fed955c8720679d981a

Unicode text, UTF-16, little-endian text, with very long lines (329), with CRLF line terminators

config.ini

f24e0a763bf6003d21221ed75e525ba2

Generic INItialization configuration [IconMan Config]

Rmb.exe

8b23fb9dd8cdf72b7c8a598fe9e1336c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

SDRTCPRM.dll

b280c40f4c33935d20056bfec3a18d8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SetEHCIKey.exe

a199bb131aa3d1e387e99ed774cdaa54

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

data1.cab

f68f87f190a988c4ae8b6682ce2d7df2

InstallShield CAB, version 0x4000834

data1.hdr

fe4a919cde86f401c6e0daed7da394ab

InstallShield setup header, version 0x4000834, descriptor size 0x779f

data2.cab

6d4c43c8d40f06fa06b8c1ab6cc491bf

InstallShield CAB, version 0x4000834

RealtekVerinfo.dll

0515e5959ecd4103b5132a88d49800b3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

RsCRIcon.dll

152893cbdcfdac9ceca7b5ed9a570a0d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

RtCRU32.exe

43a40908f978ff160600a9b709041117

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RtCRX.dll

0ef79e9218603a4c4af8dd7a2455c79f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

RtsBaStor.sys

e3e40db4ea7761afc47fe664ed5179f0

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtsbastor32.cat

aa83512f2e6345667f684bc8e6beb893

DER Encoded PKCS#7 Signed Data

RtsBaStorX.inf

cc4573116692f0fa23203048ee20e9ed

Windows setup INFormation

RtsP2Stor.sys

b92835be07e07f4def4611ac1548a910

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtsp2stor32.cat

bb176ed7753557d9b59eb0a121af83eb

DER Encoded PKCS#7 Signed Data

RtsP2StorX.inf

70cd7453fd82ac07623124d83dcd5b2a

Windows setup INFormation

RtsPer.sys

4909fe1a64b3c2190286357a9f66ec4d

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtsper32.cat

e74811fa75f1baf5832ec160521417a6

DER Encoded PKCS#7 Signed Data

RtsPerX.inf

1e734b30fc1f08317261c73eb5a648ca

Windows setup INFormation

RtsPStor.sys

c765fde9d9e1986add9bc1da87096542

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtspstor32.cat

40b53c0c0b28fd4915ac90fd51bccb37

DER Encoded PKCS#7 Signed Data

RtsPStorX.inf

fe5eaa882b18aa0057c2777d4fb4770d

Windows setup INFormation

RtsUer.sys

51053b3d3cf8db997c850d21e73a3983

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtsuer32.cat

d4b2f388dae56f088d09f81a5b186cdb

DER Encoded PKCS#7 Signed Data

RtsUerXSDO.inf

00313ef53fddba033632ef5c65ecbc1b

Windows setup INFormation

SDRTCPRM.dll

b280c40f4c33935d20056bfec3a18d8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

RealtekVerinfo.dll

992ce5f74dedee948326593353400576

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RsCRIcon.dll

316a9e7e0eeea57050e19732ce5941e1

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 2 sections

RtCRU64.exe

bafe98d46bab095f7935c444dbf9a884

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

RtCRX64.dll

eabd549516bf670a684743eee6a1ada9

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtsBaStor.sys

4fd2bad595a2c366fc0312e30362e7ad

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtsbastor64.cat

7826d1293a3933348da206e08a046963

DER Encoded PKCS#7 Signed Data

RtsBaStorX.inf

2be7aef2ac5665d7c9cdecd6c5aa42c4

Windows setup INFormation

RtsP2Stor.sys

ca864d504a5e56af84a491b4aa1f8a98

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtsp2stor64.cat

275cb67761b94d0650e103bf06a82b5d

DER Encoded PKCS#7 Signed Data

RtsP2StorX.inf

4d63f9faf8f15a21e056bf437b429774

Windows setup INFormation

RtsPer.sys

390594592126d5ebe0c98c0a3094096e

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtsper64.cat

6aee9344a02ebec78dff447d8f61bf2d

DER Encoded PKCS#7 Signed Data

RtsPerX.inf

65f1b3dc72e2b380913e5dee376fa56d

Windows setup INFormation

RtsPStor.sys

5b8a2a5ef34109489d78bbb983b9242e

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtspstor64.cat

fc9f7da178157a123cefba17d6fa9e19

DER Encoded PKCS#7 Signed Data

RtsPStorX.inf

a89fe2b8a3197c76bf1a5e815ef75446

Windows setup INFormation

RtsUer.sys

ae4607d7c7aa83a863bfa214483e8ee4

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtsuer64.cat

32e08f61137500f5aa5e96d5b1bbb23f

DER Encoded PKCS#7 Signed Data

RtsUerXSDO.inf

f50b411b8040bb5d366d00a36635663e

Windows setup INFormation

SDRTCPRM.dll

b280c40f4c33935d20056bfec3a18d8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ISSetup.dll

a17a7931b3524d05253c5aa3d06fd364

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

layout.bin

4b0a11180eb5b6a1f6ab4838ac948338

data

pkgconf.ini

6e07d1c74e210e6b8531f5556d010b70

Generic INItialization configuration [RTSUSTOR_DEVLIST]

readme.txt

faf69564b34169a46a021371a47623be

ASCII text, with CRLF, CR line terminators

setup.exe

f0e454dbcea967dc638d9871ce0f44e6

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

setup.ini

2327a230ecc7dcefaaaece10cd4cfe6c

Unicode text, UTF-16, little-endian text, with CRLF line terminators

setup.inx

28fc0304b027218f852370bb117c6f1b

data

setup.isn

70c64eecbb4f86de7829c50000fcd18e

data

setup.iss

b4b107d49d836b42e2c6a7d0753f9bf2

Generic INItialization configuration [File Transfer]

SilentInstall.bat

15c354419c025e6939416607625e1725

ASCII text, with no line terminators

u2setup.iss

fcfd9d2afea35248a8128cc1b1b6d934

Generic INItialization configuration [File Transfer]

u3setup.iss

7010795fb4f487ae9c4ac7c7169ecdf2

Generic INItialization configuration [File Transfer]

usetup.iss

3824ae51ab3f4954ec60d6a8ce286b40

Generic INItialization configuration [File Transfer]

Display.ico

aa1430c6b82255759552373c3870e9ed

MS Windows icon resource - 4 icons, 256x256, 32 bits/pixel, 48x48, 32 bits/pixel

revcon32.exe

04f1988ddae69887b17aadbd676c642d

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

revcon64.exe

abd6c51076b59e5698d7332574b41f84

PE32+ executable (console) x86-64, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	download-eu.drivers.plus/download/Pbif_pV7QWTYGwfqKw1oLw/1713386276/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip	172.67.153.154	200 OK	18 MB
URL User Request GET HTTP/3 download-eu.drivers.plus/download/Pbif_pV7QWTYGwfqKw1oLw/1713386276/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip IP 172.67.153.154:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectdrivers.plus Fingerprint8B:59:2F:9E:C5:04:34:88:AA:60:F0:62:B0:B8:86:4F:66:14:FA:7C ValidityThu, 07 Mar 2024 23:38:17 GMT - Wed, 05 Jun 2024 23:38:16 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 18 MB (18134764 bytes) Hash 1d2f2a05c7cd04d528df38629b9f0e5c 00a8a41000d36b0343c724dc21caec5d3e0343dc 7db4deb0f6a9c73ced99b99cd0e8c6b2e6fdc64e587fd2cf9c3c0cd11de7de0f HTTP Headers GET /download/Pbif_pV7QWTYGwfqKw1oLw/1713386276/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip HTTP/1.1 Host: download-eu.drivers.plus User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Wed, 17 Apr 2024 20:17:57 GMT content-type: application/zip content-length: 18134764 last-modified: Wed, 10 Apr 2019 11:36:13 GMT etag: "5cadd52d-114b6ec" x-frame-options: SAMEORIGIN strict-transport-security: max-age=15768000; includeSubDomains; preload; x-content-type-options: nosniff x-xss-protection: 1;mode=block referrer-policy: no-referrer-when-downgrade alt-svc: h3=":443"; ma=86400 cache-control: max-age=2678400 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TcUm43jEzketU0jL44brHgz9WzVnNFcejJqn75aR2T2DACsBuRxLy7QXkMTCUBJQHaL9ZCgi2rfM7mJ644b%2FBOHYDrNmzG2eLyCVE4d7a3aRQDbWXe%2FGGOsiBXzdPqnwAQZ5XyEFSZpUlu0%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 875f19fa3d7856c0-OSL

	drivers.plus/get/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip	172.67.153.154	302 Found	18 MB
URL User Request GET HTTP/2 drivers.plus/get/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip IP 172.67.153.154:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectdrivers.plus Fingerprint8B:59:2F:9E:C5:04:34:88:AA:60:F0:62:B0:B8:86:4F:66:14:FA:7C ValidityThu, 07 Mar 2024 23:38:17 GMT - Wed, 05 Jun 2024 23:38:16 GMT File type Size 18 MB (18134764 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /get/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip HTTP/1.1 Host: drivers.plus User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found date: Wed, 17 Apr 2024 20:17:56 GMT content-type: text/html; charset=UTF-8 location: //download-eu.drivers.plus/download/Pbif_pV7QWTYGwfqKw1oLw/1713386276/7/d/b/4/d/0004-RtsXStor_10.0.370.125.zip x-frame-options: SAMEORIGIN strict-transport-security: max-age=15768000; includeSubDomains; preload; x-content-type-options: nosniff x-xss-protection: 1;mode=block referrer-policy: no-referrer-when-downgrade alt-svc: h3=":443"; ma=86400 cf-cache-status: BYPASS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlJW%2BNpv8GsM5kwER2NvFZMX%2FnhzPoEhfjNbQT9bi6aQ9tWvXd%2F%2FwumE1mTmo4G2JLAkizQfKbCHTjXg%2Bn1isukaV35ql2VkTSwabAApqtHuxpHM9fwL3MWgZMhSuVQ%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 875f19f8e80bb512-OSL X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (96)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/3

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers