Report Overview
Visited (public)
2024-02-06 01:07:23
URL
www.sordum.org/files/download/windows-update-blocker/Wub_v1.8.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.146.22.240
#55293 A2HOSTING
Title
about:privatebrowsing

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Host Summary

Host | Rank | Registered | First Seen | Last Seen
www.sordum.org | unknown | 2013-01-30 | 2013-02-02 12:06:18 | 2024-02-03 15:13:45

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


File detected

URL
www.sordum.org/files/download/windows-update-blocker/Wub_v1.8.zip
IP / ASN
185.146.22.240
#55293 A2HOSTING
File Overview
File Type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.1 MB (1068831 bytes)
MD5
5fd1b0e659656435c16f04215c4623ae
SHA1
7ef526b3288b0bfa3fb4043c56e84b293041a410
Archive (4)
Filename | MD5 | File type
ReadMe.txt | e5316699929d6736e9c0c3b638ec8c2a | ISO-8859 text, with CRLF line terminators
Wub.exe | 82aff8883099cf75462057c4e47e88ac | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Wub.ini | a16bf55cd2ef7d9e56565b0ed1aa208a | Unicode text, UTF-16, little-endian text, with CRLF line terminators
Wub_x64.exe | 9d6778f7f274f7ecd4e7e875a7268b64 | PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Detections

Analyzer | Verdict | Alert
YARAhub by abuse.ch | malware | meth_get_eip
Public InfoSec YARA rules | malware | Identifies compiled AutoIT script (as EXE).
Public InfoSec YARA rules | malware | Identifies compiled AutoIT script (as EXE).

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size