Report - downloads.wisecleaner.com/soft/WDCFree_11.1.1.826.zip

Report Overview

Submitted URL
downloads.wisecleaner.com/soft/WDCFree_11.1.1.826.zip
IP
142.171.175.146
ASN
#35916 MULTA-ASN1
Submitted
2024-04-26 12:22:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
downloads.wisecleaner.com	unknown	2006-11-12	2014-05-22	2021-08-30	507 B	7.1 MB	142.171.175.146

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
downloads.wisecleaner.com/soft/WDCFree_11.1.1.826.zip
IP
142.171.175.146
ASN
#35916 MULTA-ASN1

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.1 MB (7119695 bytes)
Hash
759d029e59d770fc646f7db7d2b937e0
4f30c1cfad90cec2d16921680b9bee234b9adce6
75da93ad2aa6b3b3e8d6d6447bfe60a67766f80eaf57c731cf315425d8fd39f8

Archive (51)

Filename

Md5

File type

1c.ico

c5c8035a203ba637712ed2860371fdc0

MS Windows icon resource - 2 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel

config.ini

d41d8cd98f00b204e9800998ecf8427e

DefragOptions.ini

fad2f00c21fab96a5adde991d0b5e949

Microsoft HTML Help Project

Abkhazian.ini

245e8595de029d92ee5a0f3523c5d419

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Arabic.ini

7505e6b99410f556a9fbcf222a6df9dc

Unicode text, UTF-16, little-endian text, with very long lines (309), with CRLF line terminators

Belarusian(Cyrillic).ini

ed6d4d5f12520bbb9825ed4d6e4b6e6b

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Belarusian(Latin).ini

02228ca6de51fca359f788a66441a203

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Bulgarian.ini

c3115a11b3ecad7765a21a7487657e4d

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Catalan(Spain).ini

2f1667e4f54e9dad050c30b8ad94c649

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Chinese(Simplified).ini

c42973dd8e472e474a8c3b5aba6bc725

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Chinese(Traditional).ini

302ea562fdc661f6122b49cd2a272d37

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Czech.ini

054568a3707a38eaf04e92d1f7020889

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Danish.ini

ed6087811269f0144bdb223848032341

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Dutch (Nederlands).ini

ac5c345da09248575109eee7fdd5e385

Unicode text, UTF-16, little-endian text, with CRLF line terminators

English.ini

d19b1ed3ce8e3a3c29d85291c635706b

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Finnish.ini

3975380ce3d4856f160224696c99dcad

Unicode text, UTF-16, little-endian text, with CRLF line terminators

French.ini

7641eb1a64d215a1ac90ae4f29b335f9

Unicode text, UTF-16, little-endian text, with CRLF line terminators

German.ini

1f4eb8a078a5d35419764a7b2d0e9aa5

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Greek.ini

b69ed1ffab3fda818a963e5cf172f73a

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Hebrew.ini

cb13b5f5000b68211e9dd5a6293697d0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Hungarian.ini

ee8fd119d87c2d95d1cbe48b7c1d789d

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Indonesian.ini

2a7ac2152e5c59ecea3f7d5b3f23c711

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Italian.ini

4cfb02c92d021e33e7547270ee30f0ac

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Japanese.ini

74b8b01b6031467420fc8977e5c78c30

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Korean.ini

514e4a6988dc8f4ca8704b9b42c50779

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Nepali.ini

7dd6b28a38aaf440db85ad28da3822fb

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Norwegian (Bokmal).ini

045e86062f3c3ba0c5172534fcde5e09

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Norwegian (Nynorsk).ini

93a107859122635ffb657611e0043bcf

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Persian.ini

c0dba66732533737102118d154c719c0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Polish.ini

21376e31698164f0b143182b5a2b697d

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Portuguese(Brasil).ini

8e6a4e317687d21000be8ad524c231eb

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Portuguese(Portugal).ini

98794dc6534a00f6bcd3f3a9eda2a341

Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators

Romanian.ini

56851ab3c8f256bd9071332417b7aceb

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Russian.ini

c68a010bd0723fbe8b4922293361572e

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Serbian.ini

e193189a10d1973b8cc1ef9caa768694

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Slovak.ini

0f921415d36494ad182549309cd78fdc

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Slovenian.ini

f7e74092fe8d367a3812755e9defb467

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Spanish (Colombia).ini

17b9349e3602eba8cf0d93de625be0bc

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Spanish (Spain).ini

c170e134777b8abfa77ec14c2527ce53

Unicode text, UTF-16, little-endian text, with CRLF, LF line terminators

Swedish.ini

407a021dbec9c0159f7a5f986dcfb687

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Thai.ini

bb6aa1f48ddefed5541a2a5dd5936fe9

data

Turkish.ini

1c1bb574ecfcc92969fa41ce79d25ceb

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Ukrainian.ini

bedaa16df5158df88b96758cc6fb474c

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Welsh.ini

aefa8f137a585cd9d9c87e989dee9ce8

Unicode text, UTF-16, little-endian text, with CRLF line terminators

License.txt

4a0f1a666912e64f1ba811fc24d7135f

ASCII text, with very long lines (870), with CRLF line terminators

LiveUpdate.exe

7c88467822a9648654fa08f6f20eda1a

PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

sqlite3.dll

dfa08af47fb6bbff6b92308bdce07fe8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WebView2Loader.dll

da3e0b4eaec1a1f4ae15aa461c89b46b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

WiseDefrag.dll

aef54c583b1cd8554537bd0a51398db6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

WiseDiskCleaner.exe

aef50b196b222760f3c24d0a9130bc11

PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

WJSLib.dll

b936056bd95fa2de3197f0267c07f529

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

downloads.wisecleaner.com/soft/WDCFree_11.1.1.826.zip

142.171.175.146

200 OK

7.1 MB

URL User Request GET HTTP/2
downloads.wisecleaner.com/soft/WDCFree_11.1.1.826.zip
IP
142.171.175.146:443
ASN
#35916 MULTA-ASN1

Certificate
IssuerDigiCert Inc
Subjectdownloads.wisecleaner.com
Fingerprint50:F2:B1:E9:BA:CE:7F:F2:01:33:D3:E0:BA:53:1C:F1:D3:08:45:3C
ValidityThu, 03 Aug 2023 00:00:00 GMT - Sat, 03 Aug 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.1 MB (7119695 bytes)
Hash
759d029e59d770fc646f7db7d2b937e0
4f30c1cfad90cec2d16921680b9bee234b9adce6
75da93ad2aa6b3b3e8d6d6447bfe60a67766f80eaf57c731cf315425d8fd39f8

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

HTTP Headers

GET /soft/WDCFree_11.1.1.826.zip HTTP/1.1
Host: downloads.wisecleaner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 11:16:58 GMT
content-type: application/zip
content-length: 7119695
last-modified: Wed, 24 Apr 2024 08:00:07 GMT
etag: "6628bc07-6ca34f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2