Report - download.iciba.com/pc/plug/ktpcntr.exe

Report Overview

Visited public
2023-08-29 13:09:01
Tags
URL
download.iciba.com/pc/plug/ktpcntr.exe
Finishing URL
about:privatebrowsing
IP / ASN
153.0.231.6
#4837 CHINA UNICOM China169 Backbone
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.iciba.com	167886	2000-05-23	2012-06-20 19:02:05	2023-08-29 15:08:07	494 B	2.0 MB	14.215.89.6
ocsp.dcocsp.cn	33518	2018-05-02	2018-11-07 14:15:36	2023-08-29 05:11:07	328 B	959 B	47.246.44.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-08-29	medium	download.iciba.com/pc/plug/ktpcntr.exe	meth_get_eip

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.iciba.com/pc/plug/ktpcntr.exe
IP
14.215.89.6
ASN
#4134 Chinanet

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
2.0 MB (1973880 bytes)
Hash
c7077353ccc17466b93c8a821f23accd
0ac7e68966a362d39885b4b0d535e0ffcc1dd49f
3e1b9dda35aea344ef2ef7bb6aff15c865de42f26b41335396234bb9db9d7cf7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/71

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.dcocsp.cn/

47.246.44.230

471 B

URL
ocsp.dcocsp.cn/
IP
47.246.44.230:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
d0dcedfe609bfe9a12647ae0b6962e4c
5b4dccb504b13b687d74aa51cce8cfe3618fe008
3148ed2a8722bd2b01354f1b7166a320c4ad2a8ba689e810c3303718c4dc768b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Tue, 29 Aug 2023 12:33:57 GMT
Ali-Swift-Global-Savetime: 1693312437
Via: cache21.l2de2[0,0,200-0,H], cache2.l2de2[1,0], cache8.se1[23,22,200-0,M], cache8.se1[24,0]
Age: 2086
X-Cache: MISS TCP_REFRESH_MISS dirn:1:383663017
X-Swift-SaveTime: Tue, 29 Aug 2023 13:08:43 GMT
X-Swift-CacheTime: 1514
Timing-Allow-Origin: *
EagleId: 2ff62c9c16933145238445114e

download.iciba.com/pc/plug/ktpcntr.exe

14.215.89.6

200 OK

2.0 MB

URL User Request GET HTTP/1.1
download.iciba.com/pc/plug/ktpcntr.exe
IP
14.215.89.6:443
ASN
#4134 Chinanet

Certificate
IssuerDigiCert Inc
Subject*.iciba.com
Fingerprint50:8D:58:9C:22:FE:7B:92:9C:5B:E1:39:F0:11:88:70:AB:9C:D3:10
ValidityWed, 14 Dec 2022 00:00:00 GMT - Thu, 14 Dec 2023 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
2.0 MB (1973880 bytes)
Hash
c7077353ccc17466b93c8a821f23accd
0ac7e68966a362d39885b4b0d535e0ffcc1dd49f
3e1b9dda35aea344ef2ef7bb6aff15c865de42f26b41335396234bb9db9d7cf7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/71

HTTP Headers

GET /pc/plug/ktpcntr.exe HTTP/1.1
Host: download.iciba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1973880
Connection: keep-alive
Server: nginx
ETag: "5a4462d8-1e1e78"
Date: Sun, 16 Apr 2023 18:58:45 GMT
Last-Modified: Thu, 28 Dec 2017 03:19:52 GMT
Expires: Wed, 13 Apr 2033 18:58:45 GMT
Age: 11642999
Cache-Control: max-age=315360000
Accept-Ranges: bytes
x-link-via: chaozct01:443;lygmp21:80;
X-Cache-Status: HIT from KS-CLOUD-LYG-MP-21-20, HIT from KS-CLOUD-CHAOZ-CT-01-01
X-Cdn-Request-ID: b76ea1afece00e8cf698f5cdae1a1f05

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers