Report - winworldgame.com/WINDOWS/DOOM95.zip

Report Overview

Visited public
2025-03-08 03:46:12
Tags
URL
winworldgame.com/WINDOWS/DOOM95.zip
Finishing URL
about:privatebrowsing
IP / ASN
178.254.18.188
#42730 EVANZO e-commerce GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
winworldgame.com	unknown	2025-01-24	2025-03-01	2025-03-08	503 B	1.0 MB	178.254.18.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
winworldgame.com/WINDOWS/DOOM95.zip
IP
178.254.18.188
ASN
#42730 EVANZO e-commerce GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.0 MB (1048737 bytes)
Hash
cfc167a93db26c9ea0dff3110740f2fc
cb390761ca8300ccefc405517595c48b0701fdff
705b5fff4e4087cb9a75a004d04d238b995be798a39f4f5a240ba9551f8b46f1

Archive (22)

Filename

Md5

File type

AUTORUN.EXE

135bb1d0b9c224f23f36ce4a13709088

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

AUTORUN.INF

f3c6f70dad2c7a91120529e701283f53

Microsoft Windows Autorun file

DMFAQ66A.TXT

660bf8320d93c17ab8e3bebab7116ebd

ASCII text, with CRLF line terminators

DMFAQ66B.TXT

729dd9d6a2eab0c775a0bac947d24fc0

ASCII text, with CRLF line terminators

DMFAQ66C.TXT

b651359a00b21357ca8e39bc41b14f2e

ASCII text, with CRLF line terminators

DMFAQ66D.TXT

8352cadb52dc51a4afb2d3722b4c34b9

ASCII text, with CRLF line terminators

DMOUSE.VXD

f731c47e45788bbcfbf3da2ac4a99af5

MS-DOS executable, LE executable for MS Windows (VxD)

DOOM2.HLP

70f076588c81253c04acf431960d688a

MS Windows 3.1 help, Mon May 13 07:51:23 1996, 360425 bytes

DOOM95.EXE

df4fe250a76ae2e6c7ae32d6fea6674a

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

DOOM95.MID

e5f5517b03a790275a93cf19f50ebbb3

Standard MIDI data (format 1) using 47 tracks at 1/120

DOOMCFG.DLL

f7bda74ee31d06df0a8b3049e0ff5f46

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

DOOMIPX.DLL

bd727ca8fbe2e89fadf512ee931234dd

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

DOOMLNCH.DLL

d32f2d27ef53fad85d86ac44ce37993b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

DOOMMDM.DLL

7c38bb27ec7448576fa3250b1f7a1139

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

DOOMSER.DLL

273f4ea2d270f8c8ce80dcb96312f143

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

DSETUP.DLL

e59744289154e2e58a928d305b3dc2b8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

DSETUP16.DLL

766d7f904f2eb525664bcbd3032a9dda

MS-DOS executable, NE for MS Windows 3.x (4.0) (DLL or font)

HELPME.TXT

65ba98de47dc0d0188f118345624760a

ASCII text, with CRLF line terminators

LICENSE.DOC

d82cfc8dc8dbc15d3295f2fd136338cb

ASCII text, with CRLF line terminators

SETUP.EXE

4c619d0882144d5006c3c043c0c86661

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

UNINSTL.EXE

4f0496168a459c13703b6a596db85c59

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

XBAND.ID

dece17f0deffb5f298b547c22bda8843

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/68

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

winworldgame.com/WINDOWS/DOOM95.zip

178.254.18.188

200 OK

1.0 MB

URL User Request GET
winworldgame.com/WINDOWS/DOOM95.zip
IP
178.254.18.188:443
ASN
#42730 EVANZO e-commerce GmbH

Certificate
IssuerLet's Encrypt
Subjectwinworldgame.com
FingerprintCD:62:72:2B:22:B6:39:21:79:1A:BB:94:DF:E7:6B:B4:91:27:02:52
ValidityFri, 24 Jan 2025 15:34:34 GMT - Thu, 24 Apr 2025 15:34:33 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.0 MB (1048737 bytes)
Hash
cfc167a93db26c9ea0dff3110740f2fc
cb390761ca8300ccefc405517595c48b0701fdff
705b5fff4e4087cb9a75a004d04d238b995be798a39f4f5a240ba9551f8b46f1

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/68

HTTP Headers

GET /WINDOWS/DOOM95.zip HTTP/1.1
Host: winworldgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Mar 2025 03:45:49 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 04 Jan 2025 10:12:41 GMT
ETag: "1000a1-62adea2b2d840"
Accept-Ranges: bytes
Content-Length: 1048737
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip
Content-Language: en-US

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers