Report - www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/Wub.exe

Report Overview

Visitedpublic

2025-01-20 11:20:21

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
www.morkoskhalaf.com	unknown	2020-03-24	2023-03-28	2025-01-14	721 B	1.1 MB	172.67.161.108

No alerts detected

No alerts detected

No alerts detected

No alerts detected

No alerts detected

URL

www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/Wub.exe

IP / ASN

104.21.90.214

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=store

Size1.1 MB (1069677 bytes)

MD539787969b6d7f5ed64faf3385442335b

SHA161b312e1cc2721a785b9596b27687541f5b8169f

SHA256ba2563e06801d3c7360c5ba2459cc24456f301e546489393d86b97ab82d7c0c2

Archive (4)

Modified	Filename	Size	MD5	File type
2023-06-08 21:35	VersionInfo.txt	2.8 kB	e5316699929d6736e9c0c3b638ec8c2a	ISO-8859 text, with CRLF line terminators
2023-06-09 21:57	Wub.exe	810 kB	82aff8883099cf75462057c4e47e88ac	PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
2024-09-26 23:12	Wub.ini	102 kB	dde773082a46430b53bbfee19d8bb56f	Unicode text, UTF-16, little-endian text, with CRLF line terminators
2023-06-09 21:57	Wub_x64.exe	962 kB	9d6778f7f274f7ecd4e7e875a7268b64	PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).

	URL	IP	Response	Size