Report - neirong.funshion.com/client/funby/funby.7z

Report Overview

Submitted URL
neirong.funshion.com/client/funby/funby.7z
IP
61.184.10.39
ASN
#4134 Chinanet
Submitted
2024-05-03 20:16:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
9

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
neirong.funshion.com	271303	2005-08-22	2012-05-29	2021-10-27	496 B	3.4 MB	61.184.10.39

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
neirong.funshion.com/client/funby/funby.7z
IP
61.184.10.39
ASN
#4134 Chinanet

File type
7-zip archive data, version 0.4
Size
3.4 MB (3370070 bytes)
Hash
d798be5915f1746d97bfc44614c7734f
be235ad4f07c1c7264b93c9b2c41c7b5a3c51ce5
49253a8f570fec625e6b6504bae42dd290163480185d33ed659e0e6a266996be

Archive (16)

Filename

Md5

File type

byupdate.exe

28a0835d0ee854ebc644b6ec5ed0cd7c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

CrashReport.exe

7cac008db55391eeeed57d0c703f2962

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

fskernel.exe

335fc9bc8d5688670baa7c48573ff592

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

funby.exe

55d1302640f89d68159fe8eedc3d67ab

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

funbyweb.exe

944f87886f76fe96597cab9791d57251

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Uninstall.exe

4d6a724b888f46ce5923a002ad690b4e

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

writeinfo.exe

1aa3ca6bb43a81e13c9fa559bed08e5d

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

gma.dll

0f35c14ffe3f0425e77099b618d6ebae

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

byupdate.en_US

46741b225186453b6b25e77d8bf819c0

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Uninstall.en_US

e37e3e945ba99477ec954d7df006176a

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

default.skin

481cc3bb8ab7824576bda4c4926e8741

Zip archive data, at least v2.0 to extract, compression method=store

Uninstall.skin

eb24d7ee393d993e4dcc00cec197ee58

Zip archive data, at least v2.0 to extract, compression method=store

upgradedefault.skin

4a278b04a327ca41f7c638b570d7504c

Zip archive data, at least v2.0 to extract, compression method=store

byupdate.zh_CN

27513d9c279b369df6d7bfd72acc2f6a

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

default.zh_CN

82660b2c337108f29f1ea28eb94d6883

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Uninstall.zh_CN

f7f4ff2b2d007ee098764f1e0e044715

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/59

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

neirong.funshion.com/client/funby/funby.7z

61.184.10.39

200 OK

3.4 MB

URL User Request GET HTTP/1.1
neirong.funshion.com/client/funby/funby.7z
IP
61.184.10.39:443
ASN
#4134 Chinanet

Certificate
IssuerGlobalSign nv-sa
Subject*.funshion.com
FingerprintF8:10:F5:4C:B9:67:72:C9:21:4E:FD:9E:37:D8:E4:19:04:1C:D3:CA
ValidityMon, 18 Dec 2023 02:08:25 GMT - Sat, 18 Jan 2025 02:08:24 GMT

File type
7-zip archive data, version 0.4
Size
3.4 MB (3370070 bytes)
Hash
d798be5915f1746d97bfc44614c7734f
be235ad4f07c1c7264b93c9b2c41c7b5a3c51ce5
49253a8f570fec625e6b6504bae42dd290163480185d33ed659e0e6a266996be

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/59

HTTP Headers

GET /client/funby/funby.7z HTTP/1.1
Host: neirong.funshion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 03 May 2024 20:16:02 GMT
Content-Type: application/x-7z-compressed
Content-Length: 3370070
Connection: keep-alive
Last-Modified: Fri, 14 Apr 2017 09:38:09 GMT
ETag: "58f09881-336c56"
X-Cache: HIT from sal-tln-jssq-p1-240-188, HIT from sal-ctc-hubxy-n-10-39
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (16)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers