Report - download.niulinkcloud.com/init/antup-win.exe

Report Overview

Visitedpublic

2025-05-24 14:05:13

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
download.niulinkcloud.com	unknown	2022-02-15	2022-10-12	2025-05-22	512 B	2.3 MB	115.231.29.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-05-24	medium	download.niulinkcloud.com/init/antup-win.exe	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.niulinkcloud.com/init/antup-win.exe

IP / ASN

115.231.29.24

#58461 CT-HangZhou-IDC

File Overview

File TypePE32+ executable (console) x86-64, for MS Windows, 3 sections

Size2.3 MB (2348032 bytes)

MD5d99018e39b8ad1bd8fe106f0509be072

SHA1a4ffc7560d40dddc928fcf114e71251b9350e4e1

SHA256fb95aa9d246ff415569c259fefd7bf9f0a74709470463b2e416da2d00cb89ced

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 13/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET download.niulinkcloud.com/init/antup-win.exe

115.231.29.24

200 OK

2.3 MB

URL User Request GET HTTPS

download.niulinkcloud.com/init/antup-win.exe

IP / ASN

115.231.29.24

#58461 CT-HangZhou-IDC

Requested byN/A

Resource Info

File typePE32+ executable (console) x86-64, for MS Windows, 3 sections

First Seen2025-05-22

Last Seen2025-05-24

Times Seen2

Size2.3 MB (2348032 bytes)

MD5d99018e39b8ad1bd8fe106f0509be072

SHA1a4ffc7560d40dddc928fcf114e71251b9350e4e1

SHA256fb95aa9d246ff415569c259fefd7bf9f0a74709470463b2e416da2d00cb89ced

Certificate Info

IssuerTrustAsia Technologies, Inc.

Subject*.niulinkcloud.com

Fingerprint36:14:EF:41:9C:C1:B3:A7:02:7D:CA:2B:D8:1C:D1:65:AE:49:FE:47

ValidityMon, 17 Feb 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 13/72

HTTP Headers

GET /init/antup-win.exe HTTP/1.1
Host: download.niulinkcloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Sat, 24 May 2025 14:04:42 GMT
content-type: application/x-msdownload
content-length: 2348032
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=31536000
content-disposition: inline; filename="antup-win.exe"; filename*=utf-8''antup-win.exe
content-md5: 2ZAY45uK0b2P4QbwUJvgcg==
content-transfer-encoding: binary
etag: "FqT_x1YNQN3cko_PEU5xJRuTUOTh"
last-modified: Sun, 27 Apr 2025 01:16:53 GMT
x-reqid: fmsAAABUSFyUe0IY
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
X-Firefox-Spdy: h2