Report - www.crystalidea.com/downloads/uninstalltool

Report Overview

Submitted URL
www.crystalidea.com/downloads/uninstalltool_portable.zip
IP
173.230.144.164
ASN
#63949 Akamai Connected Cloud
Submitted
2024-04-18 23:48:23
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.crystalidea.com	unknown	2006-02-09	2012-05-30	2024-03-24	510 B	396 B	173.230.144.164
crystalidea.com	403022	2006-02-09	2012-12-18	2024-04-17	520 B	5.6 MB	173.230.144.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
crystalidea.com/downloads/uninstalltool_portable.zip
IP
173.230.144.164
ASN
#63949 Akamai Connected Cloud

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.6 MB (5618735 bytes)
Hash
8661828c7789a78bfe568335e5162ba0
cd9bb79da7bebc2d3e5fae2abc443a12ace477f0
762448795aee14a4e3eca6f1fa7ccc27dc1aa587f8eb884636e75cb447d78896

Archive (48)

Filename

Md5

File type

Arabic.xml

359b6276fac20978c2d5152493e42107

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (511)

Armenian.xml

807da57fdf0b3d567a0f10ca2e1b2b41

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (506)

Azerbaijani.xml

367f4e68a31cac9c0c99871ae185d633

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (701)

Belarusian.xml

f45bd67669a87633385f196722756ef6

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (566)

Bulgarian.xml

114949141ee4b559863a7cd9c83513e5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (599)

Chinese_Simplified.xml

f14508f37f17fb7e0d04c5a1fa225892

XML 1.0 document, Unicode text, UTF-8 (with BOM) text

Chinese_Traditional.xml

1a906251e766e5c7008c59e447a5aad9

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (476)

Croatian.xml

d0a9ca365406736fce50b8813c3ed014

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Czech.xml

060f73e2ac79cb9098830194fb24ff56

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Danish.xml

1140b3a8eac03b8eb044174fe3dbd936

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Dutch.xml

05e04a1604c4a3dc35743fae19154e65

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (620)

English.xml

12d25248123bccc24102105175579061

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators

Estonian.xml

9445056a7668007a7316f9f924dfea2b

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (718)

French.xml

dba0671b22c1d6a9557d0e7250f63905

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (734)

Georgian.xml

3c249a9837363d5a08aa1fe6631e9fc7

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

German.xml

cae5902efec53d06e5a9c673e2771cbb

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (648)

Greek.xml

b166e5b75086030eabd739d1a6ed2bf0

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Hebrew.xml

a52d130f97e0576e9b029c3dacdf9b3e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (476)

Hindi.xml

9065d8b59d19ea5af0736950d80fbb2e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (490)

Hungarian.xml

bbb16a8c0399d523965d6a50b1f344a9

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (639)

Indonesian.xml

df4b34ac1a1dd9f93f82ff42f01e3412

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (559)

Italian.xml

9573213c97564c11a43985a6d2e11d38

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (617)

Japanese.xml

cdc718b695e1553fb2b023f82a947bb7

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Korean.xml

52672e2d3bb0b0b2fbc0375ee2dfb55b

XML 1.0 document, Unicode text, UTF-8 (with BOM) text

Latvian.xml

5d0a60d8ca612c457a022867315d45f2

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Lithuanian.xml

db27d65c5351c6bf98df5afda6feaa89

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Norwegian.xml

2a0c2157ceef640aa9eb607558b39dae

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Persian.xml

afb8053d26649f5bac1657c8b94cd071

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (498)

Polish.xml

77f7dab61d4d0cf88b4ff14babcf6dad

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (609)

Portuguese.xml

1dc2007c737148746ef54ad4b9821e0f

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (614)

Portuguese_Brazilian.xml

df649c41265c34df25e2a1d6d43e14ac

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (610)

Romanian.xml

8db8fda5d2ec2aedc23d44e5cd8ff934

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Russian.xml

1aba2350ffd13f93edffba70c8b2dfe5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (750)

Serbian_Cyrillic.xml

3cd0eb4dd926c45e0b1736bf4bc815a9

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Serbian_Latin.xml

bcd3123455648a37a4d8c336cf7964e8

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Slovak.xml

0094d328a4d58787a834eb3fa68d7561

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (499)

Slovenian.xml

1a2885e3caf437cd4ca4eccc1e647bfd

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (572)

Spanish.xml

bfdcc2642f4f94e88f01440ee8e14fdf

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (607)

Swedish.xml

35f5ac13e3cbf4382ea784982cdb79e0

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (522)

Turkish.xml

a76c3e8f8e7c49470e196bfc4c84a8f0

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (476)

Ukrainian.xml

c05306550127d357bb6228535af9ad22

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (600)

Vietnamese.xml

1262b431fe62b4d56c08d7bb478a9a72

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (545)

RemoveService.cmd

b8beac96a1205923fa875a485f0a095c

ASCII text, with no line terminators

UninstallToolHelper.exe

d82e0a3786dba17f88929d11d6b00b96

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

UninstallToolPortable.exe

fcae773b59f17007e3f82d20d112701c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

UninstallToolWebsite.url

5ee9ab72918050713bedda542ed7a563

MS Windows 95 Internet shortcut text (URL=<https://crystalidea.com>), ASCII text, with CRLF line terminators

UninstallTool_x64.dat

3314588abbe3e7e976ca664886e691b8

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

UninstallTool_x86.dat

f407c813d8322c2603934106da1689c5

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Size
	www.crystalidea.com/downloads/uninstalltool_portable.zip	173.230.144.164	169 B
URL www.crystalidea.com/downloads/uninstalltool_portable.zip IP 173.230.144.164:0 ASN #63949 Akamai Connected Cloud File type HTML document, ASCII text, with CRLF line terminators Size 169 B (169 bytes) Hash 5584cd241a762d7a7488f14d5409293c a88c6560e46f39dca33a1bbbc74c319e89adfe2a 56fd937f2948b7fc1b223fc1da61e781a93f6b4c74cfd88e1115bb74418c7dff HTTP Headers `GET /downloads/uninstalltool_portable.zip HTTP/1.1 Host: www.crystalidea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 301 Moved Permanently server: nginx/1.24.0 date: Thu, 18 Apr 2024 23:47:43 GMT content-type: text/html content-length: 169 location: https://crystalidea.com/downloads/uninstalltool_portable.zip X-Firefox-Spdy: h2`

	crystalidea.com/downloads/uninstalltool_portable.zip	173.230.144.164	5.6 MB
URL crystalidea.com/downloads/uninstalltool_portable.zip IP 173.230.144.164:0 ASN #63949 Akamai Connected Cloud File type Zip archive data, at least v2.0 to extract, compression method=store Size 5.6 MB (5618735 bytes) Hash 8661828c7789a78bfe568335e5162ba0 cd9bb79da7bebc2d3e5fae2abc443a12ace477f0 762448795aee14a4e3eca6f1fa7ccc27dc1aa587f8eb884636e75cb447d78896 HTTP Headers GET /downloads/uninstalltool_portable.zip HTTP/1.1 Host: crystalidea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx/1.24.0 date: Thu, 18 Apr 2024 23:47:44 GMT content-type: application/zip content-length: 5618735 last-modified: Thu, 04 Apr 2024 13:08:25 GMT etag: "660ea649-55bc2f" accept-ranges: bytes X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (48)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers