Report - github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9661.1/Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z

Report Overview

Submitted URL
github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9661.1/Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-05-07 04:43:48
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
11

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	569 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-05-06	1.0 kB	19 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/fdff876b-ead7-4969-a3ee-dd99b5edfe80?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240507T044245Z&X-Amz-Expires=300&X-Amz-Signature=a4e98bfbbb42933d0e66846167f69858fbd6c7c287c073568f89b21bc6ab010d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z&response-content-type=application%2Foctet-stream
IP
185.199.110.133
ASN
#54113 FASTLY

File type
7-zip archive data, version 0.4
Size
19 MB (19089037 bytes)
Hash
047169341f82f874176e1d9f932a16ab
3670a53c5b9ecbbb0ebd5ff6f245d3a39192bdc8
1cc49cc5780d690967973d3fe0463bc01a00bac9d0935fd24ae3522ea9dd7112

Archive (53)

Filename

Md5

File type

audiotype.cmd

1a7937ddaa54adc022dc898d33b69f58

DOS batch file, ASCII text, with CRLF line terminators

defeatpnplock.cmd

9f5202bc39fec028aebc9f739edb327f

DOS batch file, ASCII text, with CRLF line terminators

forceupdater.cmd

9548d031f0c6f70162a906f9229a23c2

DOS batch file, ASCII text, with CRLF line terminators

HKR.cmd

4fbb12a715175b0fbfe2d03d95dc2743

ASCII text, with CRLF line terminators

regedit.cmd

e10269d1f108aecb9e2b5e25e1d16df8

DOS batch file, ASCII text, with CRLF line terminators

autostart.cmd

55a7c3687d1e944a4d144bb17d084e45

ASCII text, with CRLF line terminators

deluadcomponent.cmd

ead011c1bfb366fba6467b001540a95b

ASCII text, with CRLF line terminators

finduadservices.vbs

b893be2fc026c115206cca9f7f4e0cd9

ASCII text, with CRLF line terminators

getshell.vbs

4d394f7b60bcbd9a2913e15d5b9bdc63

ASCII text, with CRLF line terminators

uadserviceremove.cmd

a7b617797aae7bfcf0e8ab8371eddfb2

ASCII text, with CRLF line terminators

uadserviceusermode.vbs

8ab9cd78563d870fc7d71fcf9e67a1ce

ASCII text, with CRLF line terminators

README.md

d9056cdab02a58b387469cbc1c50044c

ASCII text, with very long lines (505), with CRLF line terminators

setup.cmd

40e44fb35e6f05b9571c2a30947c22d2

DOS batch file, ASCII text, with CRLF line terminators

disablewindowsupdatedriversdownload.cmd

5ed55077a1352f6ca3048e355178970a

DOS batch file, ASCII text, with CRLF line terminators

enablewindowsupdatedriversdownload.cmd

7fea6ea3983825c20b8843c67bf18ea7

DOS batch file, ASCII text, with CRLF line terminators

removesetupautostart.cmd

df6e5f23d8e54c9628395a9950a05981

DOS batch file, ASCII text, with CRLF line terminators

restorewindowsnormalstartup.cmd

486437bdf37ce690be3c49264dd66b8a

DOS batch file, ASCII text, with CRLF line terminators

HDXRT.inf

125f5c9d599f838704953fe9503a8fe6

Windows setup INFormation

HDXRTSST.inf

298040402bae4928e5454a19ac888bda

Windows setup INFormation

HDXRTU.CAT

261e9712b1690a149b9dc3eef4235b28

DER Encoded PKCS#7 Signed Data

RTAIODAT.DAT

2b3052d5073a0fc986593a70f1d38a73

DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 576460821022900224.000000, slope 170141710803118926675118326344417542144.000000

HDXRT.inf

1f3d94cb0c78d9111ef036e36f7121ab

Windows setup INFormation

HDXRTSST.inf

b814450eb949d73669138da905b73f69

Windows setup INFormation

HDXRTU.CAT

bf6039313f45a4a758c335429f044de8

DER Encoded PKCS#7 Signed Data

RTAIODAT.DAT

5a1170433af209dabdfc72d13f5ffcdd

hdxrtext.cat

69580f3619b7bec20a9715b8d93ec5d5

DER Encoded PKCS#7 Signed Data

HDX_GenericExt_RTK.inf

cf5f6840f096ae460847d0df79d78fbf

Windows setup INFormation

realtekapo.cat

93230ed75acaaafc1f1bd348d3fae04f

DER Encoded PKCS#7 Signed Data

RealtekAPO.inf

d0fb88accb1366b3e4028de31c20ab27

Windows setup INFormation

realtekapo.cat

7d662e5075f1688fba6e75d5f309ec73

DER Encoded PKCS#7 Signed Data

RealtekAPO.inf

3567be508f45bed0cf1bf30a66d55a02

Windows setup INFormation

realtekhsa.cat

352f66e8964acda32c482c7a4903c189

DER Encoded PKCS#7 Signed Data

RealtekHSA.inf

b106aae7764f905793c8e6037208ce08

Windows setup INFormation

RealtekService.cat

348697948fb28689997ad87156a21fb7

DER Encoded PKCS#7 Signed Data

realtekservice.inf

46581b1e2b884eb84fbad2611c10e19f

Windows setup INFormation

RTAIODAT.DAT

ee21689dba1264b3e96aad7527d140ca

devcon.exe

4a4b27f0b7eed3b55c896630e8ace441

PE32+ executable (console) x86-64, for MS Windows, 6 sections

nircmd.exe

5ed4728caa339c2a7479102f0c04c087

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

nircmdc.exe

a89a436cd742f2aed183ae3aac6f575f

PE32+ executable (console) x86-64, for MS Windows, 5 sections

RTKVHD64.sys

e8deaccb145ef4ba30084625a1ec3e72

PE32+ executable (native) x86-64, for MS Windows, 10 sections

RTKVHD64.sys

85601f02a809535c62df53d1102ad1a5

PE32+ executable (native) x86-64, for MS Windows, 10 sections

RltkAPOU64.dll

fbbed24cee779d45377938c52855cab6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 12 sections

RltkAPOU64.dll

fee613bf5005484025e6f82fac2d415a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 12 sections

MonoSeparationEnrollDll.dll

1bda6655b8b943b5294fde4fad4d0c8f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

RtCOM64.dll

caad5fcc39532a7d4e0bbae87b4a9aa7

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

RtDataProc64.dll

f244c3e11267253e91135cc4403ec653

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

RtkApi64U.dll

123bb93fdff6b7763c95e3456d583d1e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkAudUService64.exe

632c2ae1fd9e7bf3dcc6a91bb2b39742

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

RtkAudUServiceConf64.dll

49316b54fca8940d21f0a52ae2b05774

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkAudUServiceRes64.dll

338fbb7c7dd638b04c881103001a42b0

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RtkCfg64.dll

56449ccbe9e632af86c76584da650baf

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

SpeakerVerfDll.dll

53af63298416a9e8cea76be6a68e13e1

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

RTKVHD64.sys

2740f54ba3bb9e93111783a27b2dc101

PE32+ executable (native) x86-64, for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	bumblebee_win_generic
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9661.1/Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z	140.82.121.3	302 Found	0 B
URL User Request GET HTTP/2 github.com/pal1000/Realtek-UAD-generic/releases/download/6.0.9661.1/Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z IP 140.82.121.3:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /pal1000/Realtek-UAD-generic/releases/download/6.0.9661.1/Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Tue, 07 May 2024 04:42:45 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/fdff876b-ead7-4969-a3ee-dd99b5edfe80?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240507T044245Z&X-Amz-Expires=300&X-Amz-Signature=a4e98bfbbb42933d0e66846167f69858fbd6c7c287c073568f89b21bc6ab010d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z&response-content-type=application%2Foctet-stream cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: EA2F:38CDE3:262A188A:26C0D059:6639B145 X-Firefox-Spdy: h2

	objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/fdff876b-ead7-4969-a3ee-dd99b5edfe80?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240507T044245Z&X-Amz-Expires=300&X-Amz-Signature=a4e98bfbbb42933d0e66846167f69858fbd6c7c287c073568f89b21bc6ab010d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z&response-content-type=application%2Foctet-stream	185.199.110.133	200 OK	19 MB
URL User Request GET HTTP/2 objects.githubusercontent.com/github-production-release-asset-2e65be/180331793/fdff876b-ead7-4969-a3ee-dd99b5edfe80?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240507T044245Z&X-Amz-Expires=300&X-Amz-Signature=a4e98bfbbb42933d0e66846167f69858fbd6c7c287c073568f89b21bc6ab010d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z&response-content-type=application%2Foctet-stream IP 185.199.110.133:443 ASN #54113 FASTLY Certificate IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT File type 7-zip archive data, version 0.4 Size 19 MB (19089037 bytes) Hash 047169341f82f874176e1d9f932a16ab 3670a53c5b9ecbbb0ebd5ff6f245d3a39192bdc8 1cc49cc5780d690967973d3fe0463bc01a00bac9d0935fd24ae3522ea9dd7112 HTTP Headers GET /github-production-release-asset-2e65be/180331793/fdff876b-ead7-4969-a3ee-dd99b5edfe80?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240507T044245Z&X-Amz-Expires=300&X-Amz-Signature=a4e98bfbbb42933d0e66846167f69858fbd6c7c287c073568f89b21bc6ab010d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=180331793&response-content-disposition=attachment%3B%20filename%3DUnofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/octet-stream last-modified: Mon, 06 May 2024 20:25:30 GMT etag: "0x8DC6E0AAC6A72A8" server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 6fb2ab50-e01e-0022-70f5-9f244a000000 x-ms-version: 2020-10-02 x-ms-creation-time: Mon, 06 May 2024 20:25:30 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob content-disposition: attachment; filename=Unofficial-Realtek-UAD-generic-6.0.9661.1-r2.7z x-ms-server-encrypted: true via: 1.1 varnish, 1.1 varnish accept-ranges: bytes age: 0 date: Tue, 07 May 2024 04:42:46 GMT x-served-by: cache-iad-kiad7000075-IAD, cache-hel1410029-HEL x-cache: HIT, MISS x-cache-hits: 23, 0 x-timer: S1715056966.710693,VS0,VE490 content-length: 19089037 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (53)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers