Report - installpack.net/InstallPack.exe?preselecteditems=wise-disk-cleaner&ga_cn=direct&ga

Report Overview

Visitedpublic

2024-04-03 01:06:17

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
installpack.net	unknown	2015-07-03	2015-07-04 17:12:10	2024-03-28 04:29:20	565 B	568 B	176.99.5.252
scdn.softcdn.ru	unknown	2015-08-26	2016-03-22 14:58:16	2024-03-28 04:29:00	583 B	740 B	195.201.247.90
ip.apps-windows.com	unknown	2018-11-13	2019-02-20 02:31:46	2024-03-28 11:42:16	776 B	2.8 MB	195.201.247.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-03	medium	ip.apps-windows.com/InstallPack.exe?preselecteditems=wise-disk-cleaner&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&abs=1	Detects suspicious SFX as used by Gamaredon group

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ip.apps-windows.com/InstallPack.exe?preselecteditems=wise-disk-cleaner&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&abs=1

IP / ASN

195.201.247.90

#24940 Hetzner Online GmbH

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Size2.8 MB (2798808 bytes)

MD57501d485f2602bb23f5bdd9e1c1ba45c

SHA165020b17ac53fc7bb4a8db723220f9a2bc11a547

SHA256915deb6fb5559c5feaf1991f13ecda7f42c6fba8c1ceea99b701ed4ae95b8fd1

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious SFX as used by Gamaredon group
VirusTotal	malicious	VirusTotal - Scan result 26/71

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size