Report - xmu.md/Patcher-v3.zip

Report Overview

Submitted URL
xmu.md/Patcher-v3.zip
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 14:53:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xmu.md	unknown	2021-07-22	2021-07-22	2024-03-20	475 B	2.8 MB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
xmu.md/Patcher-v3.zip
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.8 MB (2772078 bytes)
Hash
a92dd857a3db4d32e51955710ab95d25
25f7d493decb5475754580816512bb1aeafb2153
55bea5e83944cdafae30faacca7b86a733fcab77d7a0f0b1fada62d5f5c95a95

Archive (20)

Filename

Md5

File type

wzAudio.dll

2fe3b2efebc02746aa4e0634daae3036

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

IBSCategory.txt

bf16a06deb6b42de972eb6ca6ee2a084

ASCII text, with CRLF line terminators

IBSPackage.txt

7873a7bc897c7e574b9263537d6d0fc5

ASCII text, with CRLF line terminators

IBSProduct.txt

5c418ac8cdbb1f2c5390f3eb87729188

ASCII text, with CRLF line terminators

Item.bmd

8c76951dd4bc3733091f91a16815e86c

data

Main.bmd

c0084ce277a7a06038030cee5638bc0d

data

MasterSkillTooltip.bmd

aebbe173f20fe0ee52cee713fb39f756

data

MasterSkillTooltip_eng.bmd

5b3ba7655543cca2c6661acb3152c0e8

data

MasterSkillTree.bmd

9083cfcb3c829834d8adfd5bbebb110e

data

MasterSkillTreeData.bmd

b2d4412c3707937fca2066fdaa70d84d

data

Mix.bmd

c6dcfdb83494a25c21cd426a20f2b24a

data

Mix2.bmd

7d40341281640943bc41cc9068c87c7a

data

MoveReq.bmd

a90ab6800e89874ae286b21bcde75969

data

NpcName.txt

ad4c3eba5bd565cb125b5c8cecb0871e

ASCII text, with CRLF line terminators

ServerList.bmd

6519e0cf5acc9a3d6a13338466ae96dd

Non-ISO extended-ASCII text, with very long lines (323), with no line terminators

TooltipItem.bmd

ba9ac4f22db03fda36836368cf5e4604

data

TooltipLevel.bmd

cc1a16be2f85312a1708c0c228724319

data

TooltipText.bmd

1f8b4bfdc4616ae4d9f271779263bf70

data

mini_map.ozt

f5a04bb5ed2c5100d7eaaa669714d3f7

Lotus unknown worksheet or configuration, revision 0

Main.exe

371363cf12b91a88d4fb2129c20b3396

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	xmu.md/Patcher-v3.zip	188.114.97.1	200 OK	2.8 MB
URL User Request GET HTTP/2 xmu.md/Patcher-v3.zip IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectxmu.md FingerprintF6:99:5B:EC:CF:CF:8D:02:A8:D7:51:D7:78:0A:08:61:9E:5C:78:AA ValidityTue, 12 Mar 2024 05:06:03 GMT - Mon, 10 Jun 2024 05:06:02 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.8 MB (2772078 bytes) Hash a92dd857a3db4d32e51955710ab95d25 25f7d493decb5475754580816512bb1aeafb2153 55bea5e83944cdafae30faacca7b86a733fcab77d7a0f0b1fada62d5f5c95a95 HTTP Headers `GET /Patcher-v3.zip HTTP/1.1 Host: xmu.md User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 17 Apr 2024 14:53:06 GMT content-type: application/zip content-length: 2772078 last-modified: Mon, 15 Apr 2024 21:26:28 GMT etag: "661d9b84-2a4c6e" strict-transport-security: max-age=15552000 cache-control: max-age=120 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZA8PKU7DnW9V0GBCVovZJrWLkzVZXira5MAcIVQ49yjGMXCPf8KVgzJl5divzRFlHmpxPijCygrMLYapDuHVUOfDc5smGfNFEhl6Db1dXiKe7qWYXrm7EkE%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 875d3e24aa519304-CPH alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

xmu.md/Patcher-v3.zip

188.114.97.1

200 OK

2.8 MB

URL User Request GET HTTP/2
xmu.md/Patcher-v3.zip
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectxmu.md
FingerprintF6:99:5B:EC:CF:CF:8D:02:A8:D7:51:D7:78:0A:08:61:9E:5C:78:AA
ValidityTue, 12 Mar 2024 05:06:03 GMT - Mon, 10 Jun 2024 05:06:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.8 MB (2772078 bytes)
Hash
a92dd857a3db4d32e51955710ab95d25
25f7d493decb5475754580816512bb1aeafb2153
55bea5e83944cdafae30faacca7b86a733fcab77d7a0f0b1fada62d5f5c95a95

HTTP Headers

GET /Patcher-v3.zip HTTP/1.1
Host: xmu.md
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 14:53:06 GMT
content-type: application/zip
content-length: 2772078
last-modified: Mon, 15 Apr 2024 21:26:28 GMT
etag: "661d9b84-2a4c6e"
strict-transport-security: max-age=15552000
cache-control: max-age=120
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZA8PKU7DnW9V0GBCVovZJrWLkzVZXira5MAcIVQ49yjGMXCPf8KVgzJl5divzRFlHmpxPijCygrMLYapDuHVUOfDc5smGfNFEhl6Db1dXiKe7qWYXrm7EkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875d3e24aa519304-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (20)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers