{"report_id":"4651450a-b67e-404b-863b-9c6e407efed9","version":6,"status":"done","tags":[],"date":"2024-11-21T11:18:24Z","url":{"schema":"http","addr":"hwres.ldmnq.com/remote/driver/adb_interface_usb_driver.7z","fqdn":"hwres.ldmnq.com","domain":"ldmnq.com","tld":"com"},"ip":{"addr":"90.84.161.21","port":0,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-30T11:18:23Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"hwres.ldmnq.com","ip":{"addr":"90.84.161.16","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":8505213,"sent_data":511,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"3bb8cdaddb894dd814e89143d7db57de","sha1":"c53f5978257e7c9628a33d070df2473f47f92a01","sha256":"348ec6f4e2addf7c62f5b8cc9414debfa93217fecbdeb70750345fe42a141b03","sha512":"2cc8ea3bcf85d3b2c9f90b66ba208597c8c81f9782b477eee070cec5a39dd6c0f6f2f15c8f8c159cef0de13f953896756dba3205c418a47983856b69d74bd529","magic":"7-zip archive data, version 0.4","size":8504452,"url":{"schema":"https","addr":"hwres.ldmnq.com/remote/driver/adb_interface_usb_driver.7z","fqdn":"hwres.ldmnq.com","domain":"ldmnq.com","tld":"com"},"ip":{"addr":"90.84.161.16","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"archive":[{"path":".DS_Store","filename":".DS_Store","modified":"","Modified":"2011-08-06T06:17:32Z","magic":"Apple Desktop Services Store","size":6148,"md5":"bd2b8f0608e095d1079f37acc1668367","sha1":"c4aa8de157fb485ef1800796e5236d57da7a12b7","sha256":"5d6192282242764e087b40d9b8e8b4671f3607af927d1773d4c486a92ffd6dba","sha512":"c82c406da778904ff01948dc8b20b2c78c3e46dc628ba7d682147620aadc03b6ac660e8dd0f713f5995d94a23c7574aa723110e95c2dac00d81e1ebbdc085091","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/NOTICE","filename":"NOTICE","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text","size":236,"md5":"ea7f2158b930baf2c0fe799566489716","sha1":"f103d72fd8ee8240aab21f526ed0e4c8ee3a1525","sha256":"a19b767b9ddda7306c78232e4a223d0ba966471b74dce3c0c995307cab5bf7b7","sha512":"20351c59a906dff9622625f12e3bbe0b2260999913d4b2f18ec43e66656f1a9251e2462f269c7919f59c89a9b4569d505a095b50d8cfccfe0d37c0abf9ff79cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"androidwinusb86.cat","filename":"androidwinusb86.cat","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"DER Encoded PKCS#7 Signed Data","size":9103,"md5":"fc66bc6e13ba86196f5a5ba805955556","sha1":"d9ede73877a0cd581b33fa5a0e014893c9b73185","sha256":"e5b47fba7ae210bf4543ba134bf7bbd89efe0e6e938416d6c2d1d30706d4b469","sha512":"158bc16a36b92de28a6115d86f9719d20c85dbccdc588da76f4924e2984a5aebcbcd6fc1328b251696450c2a7aacbd80f69c38e09edddcb293f1ff438edc58dd","alerts":{"urlquery":null,"analyzer":null}},{"path":"androidwinusba64.cat","filename":"androidwinusba64.cat","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"DER Encoded PKCS#7 Signed Data","size":9139,"md5":"fce8a89a4f1ffe187ed7301eb9b336e1","sha1":"1b60fb129b4fac082ce2a7dbe08ab12386d05ee9","sha256":"789ed6bbaeff32b57c23cb5e695f3c7e3409b88325b47d82110b0a1be88f4b4e","sha512":"a22b29aa6fc3114f5cab23591eac8589a19e875ed622285005940db18a4cd4f2a1f42f4a9502be4c97463037f8c204557d288ddc1445aeeb4aac89d0503e7c12","alerts":{"urlquery":null,"analyzer":null}},{"path":"android_winusb.inf","filename":"android_winusb.inf","modified":"","Modified":"2011-08-24T09:08:04Z","magic":"Windows setup INFormation","size":2660,"md5":"3820d8f28c63d7bec307a881a60fbc20","sha1":"3dc4dfae92a9892cf4be9bd6c2d01f667462a0e8","sha256":"0ccdc1d638abbd213d3714146194f43e23fae8af8617a2ec9c67dbcfeaf7c60c","sha512":"949e2e0d88867791f3ae16ed1f626065b10a8e6691c7b265e4886528ee1b49b86adab863889106696236d0a76159fe58d0ad5fdd79b3bc8bd85f8b9b2b4aae3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"en-US/PnPutil.exe.mui","filename":"PnPutil.exe.mui","modified":"","Modified":"2011-04-12T14:45:21Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows","size":8192,"md5":"8d057cdf57cc8e684251a87d4b754952","sha1":"d8834148974b966535f23790c6bee6f84851fd65","sha256":"7070f15dba92fe886f6c8c4b8f0aa442b9ef57fd6fe76fbb1a0806131cb037e6","sha512":"c32f08772da791a2a0ed5554bfd3df881fa6f912c7a7e8a8c695865dc5491b5662c22e579c8786a552b12e1e59b3315f024098912f40ff8206d52435cad89664","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"en-US/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"i386/NOTICE","filename":"NOTICE","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text","size":236,"md5":"ea7f2158b930baf2c0fe799566489716","sha1":"f103d72fd8ee8240aab21f526ed0e4c8ee3a1525","sha256":"a19b767b9ddda7306c78232e4a223d0ba966471b74dce3c0c995307cab5bf7b7","sha512":"20351c59a906dff9622625f12e3bbe0b2260999913d4b2f18ec43e66656f1a9251e2462f269c7919f59c89a9b4569d505a095b50d8cfccfe0d37c0abf9ff79cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"linux.inf","filename":"linux.inf","modified":"","Modified":"2011-08-24T09:08:24Z","magic":"Windows setup INFormation","size":6507,"md5":"2563aebd3b08266b1c2db0f96a4d27a3","sha1":"8938504d15350bda04b6b9e56c518294de6a2809","sha256":"c93593a4bde00427ad9cc992aba76d596f1d4dcd52a8f3db2022b1be1a9f0cac","sha512":"fb1053fdd256ca1ea05f0232469b9fd7cfb2b826e3cb72fe9b0f9d5916ed4e8367c84f513ec9a3840648d8ffb043c96d4fcc1f023dc79ae257cd57e1c4e0f2e9","alerts":{"urlquery":null,"analyzer":null}},{"path":"source.properties","filename":"source.properties","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text, with very long lines (16110), with CRLF line terminators","size":16444,"md5":"b7bf2bbe67dc8672d568af77c0bc3eeb","sha1":"a60d375268c2a78f9ab67a465d68773a906e299c","sha256":"d8edfae25b39759c30b9426325313266759d065a67759910a76b2bc2578ec969","sha512":"2019079d60ed00fcf36a6f8e3ba78f1453b2d5eabae60149d43396af55cd8e612032c7edcbefb338072a91f7816b0d51b220ab0e1ab894de35f7814d1e42f3c4","alerts":{"urlquery":null,"analyzer":null}},{"path":"zh-CN/PnPutil.exe.mui","filename":"PnPutil.exe.mui","modified":"","Modified":"2011-04-12T14:45:20Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows","size":6656,"md5":"1985a9607c2cf38ddd84528f65244d38","sha1":"088613193e53169c1133703ad073c06694e5a4ac","sha256":"5baac5edff1d033f617f4631ea6b69bb24d2affba072034a9cf438f2e8d43298","sha512":"f1636259b86931314e8349e133db6723c724eeb97ffa2973aa082d896c3bdafe019975d19742398a61dcafc21846a3e3f72b0dd3cb392bebf40b7a9918dfae74","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"zh-CN/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"amd64/WdfCoInstaller01009.dll","filename":"WdfCoInstaller01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":1721576,"md5":"4da5da193e0e4f86f6f8fd43ef25329a","sha1":"68a44d37ff535a2c454f2440e1429833a1c6d810","sha256":"18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e","sha512":"b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/winusbcoinstaller2.dll","filename":"winusbcoinstaller2.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":1002728,"md5":"246900ce6474718730ecd4f873234cf5","sha1":"0c84b56c82e4624824154d27926ded1c45f4b331","sha256":"981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6","sha512":"6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/WUDFUpdate_01009.dll","filename":"WUDFUpdate_01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":2152176,"md5":"ebf9ee8a7671f3b260ed9b08fcee0cc5","sha1":"d9688d1849a86dd209732529375c6ada272ff8fd","sha256":"015f26bbcd619a0b67b5eaa985b69582bac27d5cbca99ce747a76532fcde4aff","sha512":"ea869026b73b4c3d0249beb1fe81efc8b2686d66c5ddf916d314c21989e68a12191efc2a32ef13caf2676327159e95fc4e69100fc09df5a7bbf5c019ea383dd8","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/WdfCoInstaller01009.dll","filename":"WdfCoInstaller01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":1461992,"md5":"a9970042be512c7981b36e689c5f3f9f","sha1":"b0ba0de22ade0ee5324eaa82e179f41d2c67b63e","sha256":"7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77","sha512":"8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/winusbcoinstaller2.dll","filename":"winusbcoinstaller2.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":851176,"md5":"8e7b9f81e8823fee2d82f7de3a44300b","sha1":"1633b3715014c90d1c552cd757ef5de33c161dee","sha256":"ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c","sha512":"9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/WUDFUpdate_01009.dll","filename":"WUDFUpdate_01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":1837296,"md5":"e1bbe9e3568cf54598e9a8d23697b67e","sha1":"92e15dcab8dda0d4bf9cc9ae98e273567d3ecd57","sha256":"a902bb3bff785faaeb6432be76f798627a80b2cc45441e16440e46e6d7340f2c","sha512":"01a04dda0ee36196054d2cc45c9aea7c9467d9f46ee9cf354d8f93260519bd1968b340dc2be3e4ce966bbb6e332f5aa72f29edc1bfb8e8d19decba7c2df3106e","alerts":{"urlquery":null,"analyzer":null}},{"path":"PnPutil.exe","filename":"PnPutil.exe","modified":"","Modified":"2009-07-14T01:39:27Z","magic":"PE32+ executable (console) x86-64, for MS Windows, 5 sections","size":36352,"md5":"9d6b34dd63e99f06637c2dfb3ddb8e4d","sha1":"e1d3061892288aba7a87b5be4d100b6b5d02ab5c","sha256":"de26ce66ebdc5533ab82ca6d2557d554f1be35d1c35025076aef37da3b465b4d","sha512":"22da641a7e4bed105ed4c7a6d9514cafe428c8a85e22f39e78fb290e549378431187839a1ee8c1dffb309c8f28cb385875ca3ee0d386d0dbd3cb64496898a264","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"en-US/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"zh-CN/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"3bb8cdaddb894dd814e89143d7db57de","sha1":"c53f5978257e7c9628a33d070df2473f47f92a01","sha256":"348ec6f4e2addf7c62f5b8cc9414debfa93217fecbdeb70750345fe42a141b03","sha512":"2cc8ea3bcf85d3b2c9f90b66ba208597c8c81f9782b477eee070cec5a39dd6c0f6f2f15c8f8c159cef0de13f953896756dba3205c418a47983856b69d74bd529","magic":"7-zip archive data, version 0.4","size":8504452,"url":{"schema":"https","addr":"hwres.ldmnq.com/remote/driver/adb_interface_usb_driver.7z","fqdn":"hwres.ldmnq.com","domain":"ldmnq.com","tld":"com"},"ip":{"addr":"90.84.161.16","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"archive":[{"path":".DS_Store","filename":".DS_Store","modified":"","Modified":"2011-08-06T06:17:32Z","magic":"Apple Desktop Services Store","size":6148,"md5":"bd2b8f0608e095d1079f37acc1668367","sha1":"c4aa8de157fb485ef1800796e5236d57da7a12b7","sha256":"5d6192282242764e087b40d9b8e8b4671f3607af927d1773d4c486a92ffd6dba","sha512":"c82c406da778904ff01948dc8b20b2c78c3e46dc628ba7d682147620aadc03b6ac660e8dd0f713f5995d94a23c7574aa723110e95c2dac00d81e1ebbdc085091","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/NOTICE","filename":"NOTICE","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text","size":236,"md5":"ea7f2158b930baf2c0fe799566489716","sha1":"f103d72fd8ee8240aab21f526ed0e4c8ee3a1525","sha256":"a19b767b9ddda7306c78232e4a223d0ba966471b74dce3c0c995307cab5bf7b7","sha512":"20351c59a906dff9622625f12e3bbe0b2260999913d4b2f18ec43e66656f1a9251e2462f269c7919f59c89a9b4569d505a095b50d8cfccfe0d37c0abf9ff79cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"androidwinusb86.cat","filename":"androidwinusb86.cat","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"DER Encoded PKCS#7 Signed Data","size":9103,"md5":"fc66bc6e13ba86196f5a5ba805955556","sha1":"d9ede73877a0cd581b33fa5a0e014893c9b73185","sha256":"e5b47fba7ae210bf4543ba134bf7bbd89efe0e6e938416d6c2d1d30706d4b469","sha512":"158bc16a36b92de28a6115d86f9719d20c85dbccdc588da76f4924e2984a5aebcbcd6fc1328b251696450c2a7aacbd80f69c38e09edddcb293f1ff438edc58dd","alerts":{"urlquery":null,"analyzer":null}},{"path":"androidwinusba64.cat","filename":"androidwinusba64.cat","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"DER Encoded PKCS#7 Signed Data","size":9139,"md5":"fce8a89a4f1ffe187ed7301eb9b336e1","sha1":"1b60fb129b4fac082ce2a7dbe08ab12386d05ee9","sha256":"789ed6bbaeff32b57c23cb5e695f3c7e3409b88325b47d82110b0a1be88f4b4e","sha512":"a22b29aa6fc3114f5cab23591eac8589a19e875ed622285005940db18a4cd4f2a1f42f4a9502be4c97463037f8c204557d288ddc1445aeeb4aac89d0503e7c12","alerts":{"urlquery":null,"analyzer":null}},{"path":"android_winusb.inf","filename":"android_winusb.inf","modified":"","Modified":"2011-08-24T09:08:04Z","magic":"Windows setup INFormation","size":2660,"md5":"3820d8f28c63d7bec307a881a60fbc20","sha1":"3dc4dfae92a9892cf4be9bd6c2d01f667462a0e8","sha256":"0ccdc1d638abbd213d3714146194f43e23fae8af8617a2ec9c67dbcfeaf7c60c","sha512":"949e2e0d88867791f3ae16ed1f626065b10a8e6691c7b265e4886528ee1b49b86adab863889106696236d0a76159fe58d0ad5fdd79b3bc8bd85f8b9b2b4aae3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"en-US/PnPutil.exe.mui","filename":"PnPutil.exe.mui","modified":"","Modified":"2011-04-12T14:45:21Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows","size":8192,"md5":"8d057cdf57cc8e684251a87d4b754952","sha1":"d8834148974b966535f23790c6bee6f84851fd65","sha256":"7070f15dba92fe886f6c8c4b8f0aa442b9ef57fd6fe76fbb1a0806131cb037e6","sha512":"c32f08772da791a2a0ed5554bfd3df881fa6f912c7a7e8a8c695865dc5491b5662c22e579c8786a552b12e1e59b3315f024098912f40ff8206d52435cad89664","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"en-US/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"i386/NOTICE","filename":"NOTICE","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text","size":236,"md5":"ea7f2158b930baf2c0fe799566489716","sha1":"f103d72fd8ee8240aab21f526ed0e4c8ee3a1525","sha256":"a19b767b9ddda7306c78232e4a223d0ba966471b74dce3c0c995307cab5bf7b7","sha512":"20351c59a906dff9622625f12e3bbe0b2260999913d4b2f18ec43e66656f1a9251e2462f269c7919f59c89a9b4569d505a095b50d8cfccfe0d37c0abf9ff79cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"linux.inf","filename":"linux.inf","modified":"","Modified":"2011-08-24T09:08:24Z","magic":"Windows setup INFormation","size":6507,"md5":"2563aebd3b08266b1c2db0f96a4d27a3","sha1":"8938504d15350bda04b6b9e56c518294de6a2809","sha256":"c93593a4bde00427ad9cc992aba76d596f1d4dcd52a8f3db2022b1be1a9f0cac","sha512":"fb1053fdd256ca1ea05f0232469b9fd7cfb2b826e3cb72fe9b0f9d5916ed4e8367c84f513ec9a3840648d8ffb043c96d4fcc1f023dc79ae257cd57e1c4e0f2e9","alerts":{"urlquery":null,"analyzer":null}},{"path":"source.properties","filename":"source.properties","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"ASCII text, with very long lines (16110), with CRLF line terminators","size":16444,"md5":"b7bf2bbe67dc8672d568af77c0bc3eeb","sha1":"a60d375268c2a78f9ab67a465d68773a906e299c","sha256":"d8edfae25b39759c30b9426325313266759d065a67759910a76b2bc2578ec969","sha512":"2019079d60ed00fcf36a6f8e3ba78f1453b2d5eabae60149d43396af55cd8e612032c7edcbefb338072a91f7816b0d51b220ab0e1ab894de35f7814d1e42f3c4","alerts":{"urlquery":null,"analyzer":null}},{"path":"zh-CN/PnPutil.exe.mui","filename":"PnPutil.exe.mui","modified":"","Modified":"2011-04-12T14:45:20Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows","size":6656,"md5":"1985a9607c2cf38ddd84528f65244d38","sha1":"088613193e53169c1133703ad073c06694e5a4ac","sha256":"5baac5edff1d033f617f4631ea6b69bb24d2affba072034a9cf438f2e8d43298","sha512":"f1636259b86931314e8349e133db6723c724eeb97ffa2973aa082d896c3bdafe019975d19742398a61dcafc21846a3e3f72b0dd3cb392bebf40b7a9918dfae74","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"zh-CN/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"amd64/WdfCoInstaller01009.dll","filename":"WdfCoInstaller01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":1721576,"md5":"4da5da193e0e4f86f6f8fd43ef25329a","sha1":"68a44d37ff535a2c454f2440e1429833a1c6d810","sha256":"18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e","sha512":"b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/winusbcoinstaller2.dll","filename":"winusbcoinstaller2.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":1002728,"md5":"246900ce6474718730ecd4f873234cf5","sha1":"0c84b56c82e4624824154d27926ded1c45f4b331","sha256":"981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6","sha512":"6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c","alerts":{"urlquery":null,"analyzer":null}},{"path":"amd64/WUDFUpdate_01009.dll","filename":"WUDFUpdate_01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections","size":2152176,"md5":"ebf9ee8a7671f3b260ed9b08fcee0cc5","sha1":"d9688d1849a86dd209732529375c6ada272ff8fd","sha256":"015f26bbcd619a0b67b5eaa985b69582bac27d5cbca99ce747a76532fcde4aff","sha512":"ea869026b73b4c3d0249beb1fe81efc8b2686d66c5ddf916d314c21989e68a12191efc2a32ef13caf2676327159e95fc4e69100fc09df5a7bbf5c019ea383dd8","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/WdfCoInstaller01009.dll","filename":"WdfCoInstaller01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":1461992,"md5":"a9970042be512c7981b36e689c5f3f9f","sha1":"b0ba0de22ade0ee5324eaa82e179f41d2c67b63e","sha256":"7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77","sha512":"8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/winusbcoinstaller2.dll","filename":"winusbcoinstaller2.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":851176,"md5":"8e7b9f81e8823fee2d82f7de3a44300b","sha1":"1633b3715014c90d1c552cd757ef5de33c161dee","sha256":"ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c","sha512":"9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9","alerts":{"urlquery":null,"analyzer":null}},{"path":"i386/WUDFUpdate_01009.dll","filename":"WUDFUpdate_01009.dll","modified":"","Modified":"2011-07-07T09:47:50Z","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections","size":1837296,"md5":"e1bbe9e3568cf54598e9a8d23697b67e","sha1":"92e15dcab8dda0d4bf9cc9ae98e273567d3ecd57","sha256":"a902bb3bff785faaeb6432be76f798627a80b2cc45441e16440e46e6d7340f2c","sha512":"01a04dda0ee36196054d2cc45c9aea7c9467d9f46ee9cf354d8f93260519bd1968b340dc2be3e4ce966bbb6e332f5aa72f29edc1bfb8e8d19decba7c2df3106e","alerts":{"urlquery":null,"analyzer":null}},{"path":"PnPutil.exe","filename":"PnPutil.exe","modified":"","Modified":"2009-07-14T01:39:27Z","magic":"PE32+ executable (console) x86-64, for MS Windows, 5 sections","size":36352,"md5":"9d6b34dd63e99f06637c2dfb3ddb8e4d","sha1":"e1d3061892288aba7a87b5be4d100b6b5d02ab5c","sha256":"de26ce66ebdc5533ab82ca6d2557d554f1be35d1c35025076aef37da3b465b4d","sha512":"22da641a7e4bed105ed4c7a6d9514cafe428c8a85e22f39e78fb290e549378431187839a1ee8c1dffb309c8f28cb385875ca3ee0d386d0dbd3cb64496898a264","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"en-US/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-21","alert":"Detect pe file that no import table","trigger":"zh-CN/PnPutil.exe.mui","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"hwres.ldmnq.com/remote/driver/adb_interface_usb_driver.7z","fqdn":"hwres.ldmnq.com","domain":"ldmnq.com","tld":"com"},"ip":{"addr":"90.84.161.16","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-21T11:17:57.621Z","timestamp":1732187877621,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ldmnq.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 18 Sep 2024 00:00:00 GMT","end":"Thu, 18 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:D3:0A:53:A0:A8:C2:08:AF:98:D5:AB:38:B6:0E:57:2C:06:1D:F1","sha256":"01:6C:63:72:54:15:90:05:42:7A:07:78:08:81:6C:45:2C:21:5A:4B:96:20:3B:80:30:1C:5C:38:C8:6B:D5:C2"}}},"request":{"raw":"GET /remote/driver/adb_interface_usb_driver.7z HTTP/1.1\r\nHost: hwres.ldmnq.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 21 Nov 2024 11:17:59 GMT\r\nContent-Type: application/x-7z-compressed\r\nContent-Length: 8504452\r\nConnection: keep-alive\r\nServer: openresty\r\nCloudServiceDiscount: CDN\r\nx-obs-request-id: 000001906D08EBC741451A84755B2023\r\nETag: \"3bb8cdaddb894dd814e89143d7db57de\"\r\nLast-Modified: Tue, 18 Jun 2024 06:55:59 GMT\r\nContent-Disposition: attachment\r\nx-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS2KVHxHCMeT29WDrGMQkPA6m1RMCu1s\r\nvia: EU-GER-frankfurt-EDGE5-CACHE3[28],EU-GER-frankfurt-EDGE5-CACHE6[0,TCP_HIT,27],EU-FRA-paris-GLOBAL1-CACHE30[642],EU-FRA-paris-GLOBAL1-CACHE20[422,TCP_MISS,640]\r\nx-hcs-proxy-type: 1\r\nX-CCDN-CacheTTL: 2592000\r\nnginx-hit: 1\r\nAge: 1844808\r\nX-CCDN-Expires: 747192\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8504452,"size_decoded":8504452,"mime_type":"application/x-7z-compressed","magic":"7-zip archive data, version 0.4","md5":"3bb8cdaddb894dd814e89143d7db57de","sha1":"c53f5978257e7c9628a33d070df2473f47f92a01","sha256":"348ec6f4e2addf7c62f5b8cc9414debfa93217fecbdeb70750345fe42a141b03","sha512":"2cc8ea3bcf85d3b2c9f90b66ba208597c8c81f9782b477eee070cec5a39dd6c0f6f2f15c8f8c159cef0de13f953896756dba3205c418a47983856b69d74bd529","ssdeep":"196608:NQ7CgNq3j1nlwp8J3BoYzFevbDpCU+teDb0SIA5Ewx6D+Ed:sCc0j3KsFADpAtQb0iPs+a","tlshash":"e38633efb75205e412e9a7b9eb3d001bf31c810d82997119737b5e28fd8b88db47a245","first_seen":"2024-02-05T15:54:27Z","last_seen":"2025-05-26T21:50:52.439062Z","times_seen":47,"resource_available":false,"data":null}},"time_used":4067,"timings":{"blocked":1767,"dns":1674,"connect":32,"send":0,"wait":65,"receive":467,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}