Report - up.asklink.com.cn:8769/AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe

Report Overview

Visitedpublic

2024-10-31 20:51:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
up.asklink.com.cn	unknown	2024-07-17	2024-10-31	2024-10-31	441 B	20 MB	117.143.60.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-10-31 20:51:05	high	117.143.60.202	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-10-31	medium	up.asklink.com.cn:8769/AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe	pe_detect_tls_callbacks

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

up.asklink.com.cn:8769/AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe

IP / ASN

117.143.60.202

#24400 Shanghai Mobile Communications Co.,Ltd.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

Size20 MB (20173544 bytes)

MD59d9c8796e7b0d159e20b13ae230925de

SHA1b01da7569c38d92a904ff33ef6aaaab581c18434

SHA2569c5ed4681b88992a0b0035089c65365c0a699a95c9831be91daf16ccf41191b7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	pe_detect_tls_callbacks
VirusTotal	suspicious	VirusTotal - Scan result 1/73

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

up.asklink.com.cn:8769/AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe

117.143.60.202

200 OK

20 MB

URL HTTP

up.asklink.com.cn:8769/AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe

IP / ASN

117.143.60.202

#24400 Shanghai Mobile Communications Co.,Ltd.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

First Seen2024-10-31

Last Seen2024-10-31

Times Seen1

Size20 MB (20173544 bytes)

MD59d9c8796e7b0d159e20b13ae230925de

SHA1b01da7569c38d92a904ff33ef6aaaab581c18434

SHA2569c5ed4681b88992a0b0035089c65365c0a699a95c9831be91daf16ccf41191b7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	pe_detect_tls_callbacks
VirusTotal	suspicious	VirusTotal - Scan result 1/73

HTTP Headers

GET /AskLink-Installer-v3.5.6.1-x64-20240904-1548.exe HTTP/1.1
Host: up.asklink.com.cn:8769
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Nginx
Date: Thu, 31 Oct 2024 20:51:03 GMT
Content-Type: application/octet-stream
Content-Length: 20173544
Last-Modified: Wed, 04 Sep 2024 07:48:52 GMT
Connection: close
ETag: "66d810e4-133d2e8"
Accept-Ranges: bytes