Report - w12evo.com/ControleAcesso/Dll2.zip

Report Overview

Submitted URL
w12evo.com/ControleAcesso/Dll2.zip
IP
20.226.123.32
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-24 14:45:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
w12evo.com	unknown	2016-04-11	2016-09-30	2024-04-17	488 B	11 MB	20.226.123.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
w12evo.com/ControleAcesso/Dll2.zip
IP
20.226.123.32
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
11 MB (11378894 bytes)
Hash
e027dda17f752b58a02d4cd43a06813e
32765496f42c4d248af7e3bd8a9e0e6ef5b5cc62
546590bcfec283cbe0b58e79b58dfdd7c531b2f5a7eca00e8370916c0f4442e6

Archive (36)

Filename

Md5

File type

msvcp90.dll

871f979d70414c900b35e56222932daf

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcp100.dll

e3c817f7fe44cc870ecdbcbc3ea36132

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcp110.dll

3e29914113ec4b968ba5eb1f6d194a0a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcp120.dll

fd5cabbe52272bd76007b68186ebaf00

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcp140.dll

0a252601b942f683c2c60beacb4f1a72

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

msvcr80.dll

e4fece18310e23b1d8fee993e35e7a6f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr90.dll

4d03ca609e68f4c90cf66515218017f8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr100.dll

bf38660a9125935658cfa3e53fdc7d65

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr110.dll

4ba25d2cbe1587a841dcfb8c8c4a6ea6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr120.dll

034ccadc1c073e4216e9466b720f9849

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

NBiometricClient.dll

12ca14cd326bfce42a8c02f25605c533

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NBiometrics.dll

47b8d1c9536de9cf60a57c565ec90a47

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

NCore.dll

1245175c117e748ebae75b393d72bd6b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NDevices.dll

a33e9dd8ab9b83b05fc4e7156009e32f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NdmMedia.dll

94999d9e169a9aa7d443e1a77c10e015

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NdmMedia.ini

31cce394bd10feeea0289269331cfe63

Generic INItialization configuration [VideoSource]

NdmOnvif.dll

c79f40c22e508c429b5a2f310c2a983d

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NdmOnvif.ini

af0d8c8e854d8575a7a95d5d4bfd12c2

ASCII text, with CRLF line terminators

NdmVirtual.dll

2f2a637123f58fe678edaf38c09116c9

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Neurotec.Accelerator.Admin.Rest.dll

544434d4bde8aaa8b945918b8d838a5d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Neurotec.Media.Processing.dll

1c2da23a44e76b850bb850754f0720ea

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NLicensing.dll

599660b0406c433bbe553ae0332f25b5

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NMedia.dll

ecd4b090ff9cdd1ac771bcf45f4261e9

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

NMediaProc.dll

ffbe14a0a38b62c83edbd88f0a570dbb

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

pg.exe

7eb49d84b10f0fdbbb539ea9f1199531

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pgd.conf

799ff3bc26a186b52f13fa39c64bb0e6

ASCII text, with CRLF line terminators

vccorlib140.dll

2047ab819ee3ea68890d27cb327cfd99

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

vcruntime140.dll

f4b8a73c18e65eb5af950751eb71994a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

ActivationWizard.exe

7e896e7298256d3e5875c06f881e8243

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

concrt140.dll

f0faacd505c45b84534eef1d29b7538b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

cpprest140_2_9.dll

851346032fa12fb2cc44db55190ac35f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

id_gen.exe

07acfd2ad6cd0ba827602c31177092e2

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

libiomp5md.dll

b56f38b7a96296af0200c5358c7564c0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 9 sections

LiveMedia.dll

0b9d9626865ea2ffc7cb41480e629d6a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

mkl_tiny.dll

ae30f65206fd1be5369e472e8aa493d6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

msvcp80.dll

4c8a880eabc0b4d462cc4b2472116ea1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	w12evo.com/ControleAcesso/Dll2.zip	20.226.123.32	200 OK	11 MB
URL User Request GET HTTP/2 w12evo.com/ControleAcesso/Dll2.zip IP 20.226.123.32:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerGoDaddy.com, Inc. Subjectwww.w12evo.com FingerprintDD:CC:0E:4F:33:AC:7A:30:AA:EB:7A:7A:2E:E7:63:2A:72:A9:76:D9 ValiditySun, 08 Oct 2023 18:05:46 GMT - Sun, 14 Jul 2024 23:56:07 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 11 MB (11378894 bytes) Hash e027dda17f752b58a02d4cd43a06813e 32765496f42c4d248af7e3bd8a9e0e6ef5b5cc62 546590bcfec283cbe0b58e79b58dfdd7c531b2f5a7eca00e8370916c0f4442e6 HTTP Headers `GET /ControleAcesso/Dll2.zip HTTP/1.1 Host: w12evo.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/x-zip-compressed last-modified: Wed, 01 Feb 2023 01:16:52 GMT accept-ranges: bytes etag: "113ef3ddda35d91:0" server: Microsoft-IIS/10.0 x-powered-by: ASP.NET date: Wed, 24 Apr 2024 14:44:58 GMT content-length: 11378894 X-Firefox-Spdy: h2`

w12evo.com/ControleAcesso/Dll2.zip

20.226.123.32

200 OK

11 MB

URL User Request GET HTTP/2
w12evo.com/ControleAcesso/Dll2.zip
IP
20.226.123.32:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerGoDaddy.com, Inc.
Subjectwww.w12evo.com
FingerprintDD:CC:0E:4F:33:AC:7A:30:AA:EB:7A:7A:2E:E7:63:2A:72:A9:76:D9
ValiditySun, 08 Oct 2023 18:05:46 GMT - Sun, 14 Jul 2024 23:56:07 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
11 MB (11378894 bytes)
Hash
e027dda17f752b58a02d4cd43a06813e
32765496f42c4d248af7e3bd8a9e0e6ef5b5cc62
546590bcfec283cbe0b58e79b58dfdd7c531b2f5a7eca00e8370916c0f4442e6

HTTP Headers

GET /ControleAcesso/Dll2.zip HTTP/1.1
Host: w12evo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-zip-compressed
last-modified: Wed, 01 Feb 2023 01:16:52 GMT
accept-ranges: bytes
etag: "113ef3ddda35d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 24 Apr 2024 14:44:58 GMT
content-length: 11378894
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (36)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers