Report Overview

  1. Submitted URL

    www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip

  2. IP

    142.213.20.178

    ASN

    #11489 BACI

  3. Submitted

    2024-05-07 14:42:30

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    11

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
ocsp.entrust.net | 1208 | 1997-07-28 | 2014-01-10 | 2024-05-06
www.ramq.gouv.qc.ca | 780066 | 2000-10-23 | 2017-02-03 | 2023-10-24

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip

  2. IP

    142.213.20.178

  3. ASN

    #11489 BACI

  1. File type

    Zip archive data, at least v2.0 to extract, compression method=store

    Size

    20 MB (20342150 bytes)

  2. Hash

    2733b943eaba75091669536bdfc0ae09

    f0848e54ca8da1b2f84155fa84a09c43a17e5e91

  1. Archive (72)

  2. Filename | Md5 | File type
    LisezMoi 5.11.docx
    9720bcd3bcee73e9212d06579d63986c
    Microsoft Word 2007+
    LisezMoi 5.11.pdf
    e39d0c6a818196e65c4a13136239b9e1
    PDF document, version 1.5, 2 pages (zip deflate encoded)
    Args.ps1
    33a41bab3132069a6f98d0ce241f982e
    ISO-8859 text, with CRLF line terminators
    Config.ps1
    6500cd3712cc4c52d5bfdf515b8c4202
    ISO-8859 text, with CRLF line terminators
    Constantes.ps1
    f27e70eeb3b755b1399098a39047f1b4
    ISO-8859 text, with CRLF line terminators
    IEIntegration.ps1
    a78bde31a1773182da49ec8df4577d14
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Install.ps1
    0378aa74de98c19c85895b7d3c878e69
    Unicode text, UTF-8 text, with CRLF line terminators
    Lib.ps1
    e9c931243e1d1f522240fe735ffd9251
    ISO-8859 text, with CRLF line terminators
    PostUninstall.ps1
    22f4576c7531b4315c14ac192cb51279
    ISO-8859 text, with CRLF line terminators
    PreUninstall.ps1
    4bd46380f85aecac9fcf0aa1329da983
    ISO-8859 text, with CRLF line terminators
    Uninstall.ps1
    2e94705c016997b6835d84076cc85a5b
    Unicode text, UTF-8 text, with CRLF line terminators
    Variables.ps1
    8daeec251264feff845bc4697e1f469b
    Unicode text, UTF-8 text, with CRLF line terminators
    Infos.txt
    648c5e23f25bb63b817a87dfa741adaf
    Unicode text, UTF-8 text, with CRLF line terminators
    Installation_Visualiseur.cmd
    06182e1bc4d1c0397e8d20872e929624
    DOS batch file, ASCII text, with CRLF line terminators
    ScriptInstall.ps1
    dc5df2c56cf7f042441b0478159b5212
    ISO-8859 text, with CRLF line terminators
    atl80.dll
    3c7def3cbbca6284867aa4621d5d8a54
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    capicom.dll
    9130cce19b5db3d2e31f9f789263fc4a
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
    crypt32.dll
    efc958396a7a7ef7e6d4a52b97512e18
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
    CryptoHelper.inf
    a6e7c4d48eae56b9394d6f2711ce4487
    Windows setup INFormation
    CryptoHelperATL.dll
    3d2b67df122f2c0e461034873f2f75a6
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    mfc80.dll
    1b7524806d0270b81360c63a2fa047cb
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
    Microsoft.VC80.ATL.manifest
    d5a659b220ec3694c39a3ed33f4637ca
    XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
    Microsoft.VC80.CRT.manifest
    541423a06efdcd4e4554c719061f82cf
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
    Microsoft.VC80.MFC.manifest
    97b859f11538bbe20f17dfb9c0979a1c
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
    msvcm80.dll
    cae6861b19a2a7e5d42fefc4dfdf5ccf
    PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections
    msvcr80.dll
    e4fece18310e23b1d8fee993e35e7a6f
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    AC_emettrice_G3.cer
    272bc25bf1c259a03c1f02edf5c49dd1
    Certificate, Version=3
    AC_emettrice_PARTE_G3.cer
    8d73a73a96017dd2b259042906bb0082
    Certificate, Version=3
    certadm.dll
    aed39116fe12c5550975043da1d1b244
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
    certutil.exe
    711db2ef10b6c2ab2080698aec6c6d08
    PE32 executable (console) Intel 80386, for MS Windows, 3 sections
    PKI2015-racineparteG32015.cer
    ff1bd7f3ca10e3390b5b6ec3ae9ecefa
    Certificate, Version=3
    PKI2015-racinesecursanteG32015.cer
    1ff1cbb3a9a9ba481c859ce496a1ce69
    Certificate, Version=3
    FortiToken-FTK300-Minidriver-Setup_x64.msi
    1fb9419674cdbcaf9d85b86ab1210ec2
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: FortiToken Installer, Author: Hypersecu Information Systems Inc, Keywords: Mindriver Installer, Comments: FortiToken is developed by Hypersecu., Template: x64;1033, Revision Number: {A7E0A946-5ACB-407F-A36C-80E8AA30D8BA}, Create Time/Date: Fri May 12 08:00:30 2023, Last Saved Time/Date: Fri May 12 08:00:30 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
    FortiToken-FTK300-Setup_x64.msi
    069410b20af9cfea9dd405cad3252dd3
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: FortiToken Installer, Author: Hypersecu Information Systems Inc, Keywords: Mindriver Installer, Comments: FortiToken is developed by Hypersecu., Template: x64;1033, Revision Number: {D8AF5215-1D7A-483C-87C3-7CB54087FBFE}, Create Time/Date: Fri Aug 25 01:42:40 2023, Last Saved Time/Date: Fri Aug 25 01:42:40 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
    axaltocm.dll
    d0334b10bc93a7629b64b207ab74805a
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    axaltocm_x64.dll
    ad4006ec753d6cc3c194f7ad23dc380c
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
    SafeNet.Minidriver.IDPrime.cat
    77ded97b8e31b9e08c5334c377fa8863
    DER Encoded PKCS#7 Signed Data
    SafeNet.Minidriver.IDPrime.inf
    c057a5df2609401636d9de9d2c1c63f1
    Windows setup INFormation
    SafenetMD.dll
    e8fea28e0932fc1b46fdce873e4aa8af
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    SafenetMD_x64.dll
    f04dc9f7db6d5118d2c607cdf74333e4
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
    GemCCID.cat
    2a03294119edf2420b9f65bcc06142b1
    DER Encoded PKCS#7 Signed Data
    gemccid.inf
    8a4b3b2cdc241735e98be7681c34ae8d
    Windows setup INFormation
    gemccid.PNF
    7e3f91246f7a1927a11c9b287d504c86
    Windows Precompiled iNF, version 3.1 (Windows Vista-8.1), flags 0x1000083, unicoded, has strings, at 0x4980 "Signature", InfVersionLastWriteTime Mon Oct 17 20:29:42 2016, at 0x60 WinDirPath, LanguageID 40c
    GemCCID.sys
    d9dd4df7c7ff10f4dbbb1fc3a0193bb8
    PE32+ executable (native) x86-64, for MS Windows, 8 sections
    GemCCID.pdb
    25b56cb3ee3fd7f024df91ba1e7f1542
    MSVC program database ver 7.00, 1024*867 bytes
    GemCCID.cat
    c3cd219380a6be669552e520c2f11781
    DER Encoded PKCS#7 Signed Data
    gemccid.inf
    7b22ce6b6ca60852b1f716b0090298fa
    Windows setup INFormation
    GemCCID.sys
    bc918d0a06770b25b083fd045fa18c08
    PE32 executable (native) Intel 80386, for MS Windows, 7 sections
    GemCCID.pdb
    2e1689b448e11f0df9846df6ebe15871
    MSVC program database ver 7.00, 1024*987 bytes
    GemPcCCID_en-us_32.msi
    40c1f130d30c72fa7f26a955cafbe081
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows 2000 32-bits and next OS releases, Template: Intel;1033, Revision Number: {2BF0728C-3216-4AFB-815F-DEE582A0E9DF}, Create Time/Date: Tue Nov 11 09:49:20 2014, Last Saved Time/Date: Tue Nov 11 09:49:20 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
    GemPcCCID_en-us_64.msi
    6a2ce47081a86d2d5ffe9c4406e11d35
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows XP 64-bits and next OS releases, Template: x64;1033, Revision Number: {98F2DF03-86E4-4B2D-B2FA-96C91F7AFE28}, Create Time/Date: Tue Nov 11 09:51:10 2014, Last Saved Time/Date: Tue Nov 11 09:51:10 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
    GemPcCCID_fr-fr_32.msi
    a158cdeb7d3e52fc021da65afb21a33b
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows 2000 32-bits and next OS releases, Template: Intel;1036, Revision Number: {FDA7B8B2-D518-44B9-BE20-12F86A04D665}, Create Time/Date: Tue Nov 11 09:50:02 2014, Last Saved Time/Date: Tue Nov 11 09:50:02 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
    GemPcCCID_fr-fr_64.msi
    bb27922b1511466172ff260b48d62dde
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows XP 64-bits and next OS releases, Template: x64;1036, Revision Number: {29208F50-8174-4D3D-AEC8-CD31AA450D67}, Create Time/Date: Tue Nov 11 09:51:26 2014, Last Saved Time/Date: Tue Nov 11 09:51:26 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
    create_shorcut_dsq_labo.vbs
    ac3ad5d9c8b3e9631e523bfbd51cef74
    ASCII text, with CRLF line terminators
    Installation_Visualiseur Labortoire.bat
    7dcace89a3e591e2dc77379c6bfa018a
    Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
    LogoDSQ.ico
    37a7a5d6599cb4ae7f0f628e0ee37372
    MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
    DSQ Formation.lnk
    05c364b735038fb6c53cd1e1a56ffd6d
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri May 21 13:17:07 2021, mtime=Tue Oct 12 13:10:58 2021, atime=Mon Oct 11 07:23:31 2021, length=3379608, window=hide
    DSQ Production.lnk
    ee68da29f3975da7739aac61b6d58366
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri May 21 13:17:07 2021, mtime=Tue Oct 12 13:10:58 2021, atime=Mon Oct 11 07:23:31 2021, length=3379608, window=hide
    Portail libre-service.rdp
    18dc9cd795948a641deb507a297f4f89
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    ActiveX_x64.reg
    dcc288ecd084e212a056bc26f969cc95
    Windows Registry little-endian text (Win2K or above)
    IE10_SiteDeConfiance_x64.reg
    2aeff6e77947502a84c37e7f1d31e08e
    Windows Registry little-endian text (Win2K or above)
    IE10_SiteDeConfiance_x86.reg
    ff662250e524054713fa1ebf22dced49
    Windows Registry little-endian text (Win2K or above)
    IE11_SiteDeConfiance_Win8.1_x64.reg
    22f3a6f51da4c1e38c7bfdf3a9cdcbdf
    Windows Registry little-endian text (Win2K or above)
    IE11_SiteDeConfiance_x64.reg
    9c455ac7f3ca6e6eb81986bb661b4991
    Windows Registry little-endian text (Win2K or above)
    IE11_SiteDeConfiance_x86.reg
    c2d3b55b93610c8ca755fb9ee94519c7
    Windows Registry little-endian text (Win2K or above)
    IE9_CompatibilityView_x64.reg
    d02e5dd0d46c64497d83cfc7f8044057
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    IE9_CompatibilityView_x86.reg
    d02e5dd0d46c64497d83cfc7f8044057
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    ModuleUsage_x64.reg
    548d0cacd1488f29a6395133bc847033
    Windows Registry little-endian text (Win2K or above)
    TrustedSites_x64.reg
    8ec390833fa4668490c1fafb9d264f07
    Windows Registry little-endian text (Win2K or above)
    TrustedSites_x86.reg
    98c7c796995a497609d61841d1bc2cff
    Windows Registry little-endian text (Win2K or above)
    TrustedSites_x86.reg.temp
    742c8d6d7d4b4bae9a7e0b5b747102e3
    Windows Registry little-endian text (Win2K or above)
    Visualiseur DSQ_V5.12_WIN7_Edge (1).zip
    1cb110dc6b41468da53d85abd38be5d4
    Zip archive data, at least v2.0 to extract, compression method=store

    Detections

    Analyzer | Verdict | Alert
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

JavaScript (0)

HTTP Transactions (2)

URL | IP | Response | Size
ocsp.entrust.net/ | 184.24.45.171 | | 1.6 kB
www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip | 142.213.20.178 | 200 OK | 20 MB