Report - fileservice.gtainside.com/downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip

Report Overview

Submitted URL
fileservice.gtainside.com/downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip
IP
104.26.6.91
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 20:04:08
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fileservice.gtainside.com	unknown	2004-05-20	2020-01-03	2024-04-17	544 B	4.6 MB	104.26.6.91

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
fileservice.gtainside.com/downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip
IP
104.26.6.91
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.6 MB (4617115 bytes)
Hash
df69159b8767994cf70d667910138dd8
e4efb424cb3f71b3bb6164f79b00d8adc7510d80
0fb0233115ddcc28c8317bb472bcf55c0e27dd697d9f399ee5d3588c1a4daf06

Archive (12)

Filename

Md5

File type

dsound.dll

73e2e1a9d20821cc529207d5e37a0e38

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

ScriptHook.dll

7260b388aac8329c3cf615084aa7db83

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ScriptHookDotNet.asi

870d4c53bf5a48148ab18614e60e7745

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

Trainer.asi

b3bbdbf239e71d94a3a2b0be56a15d7c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

trainer.ini

58740f4873a2c4b4422ca4445526fef7

ASCII text, with CRLF line terminators

Trainertbogt.asi

3ab5f740e783211ce14738383c611018

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

trainertbogt.ini

b92eda32a0a585aa9f41db5c53925b77

ASCII text, with CRLF line terminators

Trainertlad.asi

5a3f1e2d05d705037574375f2cecfcef

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

trainertlad.ini

321f98640fc882a60fec178daa50eafc

ASCII text, with CRLF line terminators

aCompleteEditionHook.asi

341d75d3f13e29c6db855f227657373c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

AdvancedHook.dll

a379ebcb8ea38326864f97d74b11552b

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

AdvancedHookInit.asi

c757e1f4106ad96236d5c3672ae537bc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

fileservice.gtainside.com/downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip

104.26.6.91

200 OK

4.6 MB

URL User Request GET HTTP/2
fileservice.gtainside.com/downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip
IP
104.26.6.91:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8E:48:16:87:A6:02:FE:C1:5E:31:EF:8A:3E:AA:4B:26:C6:C3:67:6F
ValiditySun, 28 May 2023 00:00:00 GMT - Mon, 27 May 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.6 MB (4617115 bytes)
Hash
df69159b8767994cf70d667910138dd8
e4efb424cb3f71b3bb6164f79b00d8adc7510d80
0fb0233115ddcc28c8317bb472bcf55c0e27dd697d9f399ee5d3588c1a4daf06

HTTP Headers

GET /downloads/ftpl/1614966092_simple_native_trainer_1.2.0.43_eng.zip HTTP/1.1
Host: fileservice.gtainside.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:03:40 GMT
content-type: application/zip
content-length: 4617115
last-modified: Fri, 05 Mar 2021 17:41:32 GMT
etag: "46739b-5bccd983f1647"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pa2%2F7gMwpOa1N0KyfNQcE985SvIFGX3QQ0VsJLQFE5eCE5%2B0ies0JkZiUzisVbuUPg696afbhBCRSaB3nbkvUTgFaNSVnfcwHp0uphIRS8UCR8833QBJYNpMayid5tAxRcSkeobZm%2BSNRn8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f0512e95256a4-OSL
X-Firefox-Spdy: h2