Report - downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe

Report Overview

Submitted URL
downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe
IP
14.29.101.169
ASN
#4134 Chinanet
Submitted
2024-03-28 20:55:25
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-03-28	668 B	2.8 kB	112.50.95.96
downloads.cmcloud.cn	unknown	2011-02-10	2013-04-22	2024-03-21	521 B	9.2 MB	14.29.101.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe	Detects an SFX archive with automatic script execution

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe
IP
14.29.101.168
ASN
#4134 Chinanet

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
9.2 MB (9249424 bytes)
Hash
0f35ad1ada3cbd89b54b27ab07f4ee0d
69940c58dac8b3f46d020c58f6a959db468e05d0
10e60613394aa48b99b5bbaa13df6d5209912e64612e8dd2d09d24546e09d74f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution
VirusTotal	suspicious	VirusTotal - Scan result 2/69

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.trust-provider.cn/

112.50.95.96

599 B

URL
ocsp.trust-provider.cn/
IP
112.50.95.96:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
data
Size
599 B (599 bytes)
Hash
656d2f76ef6ae2d99f67ac7771229b06
fef22bdf6460e43b15f7883070bf05c670437131
8c3866c4061729e8568eb56eaf7374d58a6e57e0998c2b80d815a0d9628b0bba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
cf-cache-status: EXPIRED
accept-ranges: bytes
request-id: 6605d917fe8deb93d472391460d2b0d1
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from cq-yuzhong1-ca20
date: Thu, 28 Mar 2024 20:54:47 GMT
etag: "fef22bdf6460e43b15f7883070bf05c670437131"
expires: Mon, 01 Apr 2024 08:53:21 GMT
cf-ray: 869df8538ad384eb-HKG
cache-control: max-age=3600
last-modified: Mon, 25 Mar 2024 08:53:22 GMT
x-frame-options: SAMEORIGIN
x-ccacdn-proxy-id: scdpinlb5
age: 3020
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1711659287b8237a961544ef467cb4edbbf368ec43
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=34, edge;dur=0

ocsp.trust-provider.cn/

112.50.95.96

599 B

URL
ocsp.trust-provider.cn/
IP
112.50.95.96:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
data
Size
599 B (599 bytes)
Hash
656d2f76ef6ae2d99f67ac7771229b06
fef22bdf6460e43b15f7883070bf05c670437131
8c3866c4061729e8568eb56eaf7374d58a6e57e0998c2b80d815a0d9628b0bba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
cf-cache-status: EXPIRED
accept-ranges: bytes
last-modified: Mon, 25 Mar 2024 08:53:22 GMT
cf-ray: 869df8538ad384eb-HKG
request-id: 6605d917e6415499cb61c724cba79a5e
age: 2908
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from js-nanjing1-ca39
etag: "fef22bdf6460e43b15f7883070bf05c670437131"
cache-control: max-age=3600
expires: Mon, 01 Apr 2024 08:53:21 GMT
date: Thu, 28 Mar 2024 20:54:47 GMT
x-frame-options: SAMEORIGIN
x-ccacdn-proxy-id: scdpinlb5
via: n172-013-213.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1711659287975de583ee60c82717f90945853edffb
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=33, edge;dur=0

downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe

14.29.101.168

200 OK

9.2 MB

URL User Request GET HTTP/2
downloads.cmcloud.cn/kis/kiscloud/stable/private/KISCloudClient.exe
IP
14.29.101.168:443
ASN
#4134 Chinanet

Certificate
IssuerDNSPod, Inc.
Subject*.cmcloud.cn
FingerprintD2:80:BB:A4:D7:94:C1:5F:0F:27:A7:8F:82:5C:17:64:41:DB:4E:48
ValidityFri, 26 May 2023 00:00:00 GMT - Mon, 24 Jun 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
9.2 MB (9249424 bytes)
Hash
0f35ad1ada3cbd89b54b27ab07f4ee0d
69940c58dac8b3f46d020c58f6a959db468e05d0
10e60613394aa48b99b5bbaa13df6d5209912e64612e8dd2d09d24546e09d74f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution
VirusTotal	suspicious	VirusTotal - Scan result 2/69

HTTP Headers

GET /kis/kiscloud/stable/private/KISCloudClient.exe HTTP/1.1
Host: downloads.cmcloud.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Thu, 28 Mar 2024 20:54:47 GMT
content-type: application/octet-stream
content-length: 9249424
last-modified: Wed, 23 Aug 2023 03:23:47 GMT
cache-control: max-age=3600
ctl-cache-status: HIT from js-changzhou7-ca02, HIT from gd-guangzhou8-ca10
request-id: 6605d917fb9205178c705456fcc96701
age: 304
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers