{"report_id":"66c660c8-7eb0-431c-a5bf-eefac67ae60e","version":6,"status":"done","tags":[],"date":"2024-04-30T09:00:44Z","url":{"schema":"http","addr":"raw.githubusercontent.com/pankoza2-pl/salinewin.exe-malware/551397166ce887cb59f7c27a25f4c819154064b7/salinewin.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T18:11:14Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":35802,"first_seen":"2014-03-01 08:08:08","last_seen":"2024-04-28 21:24:00","alert_count":1,"request_count":1,"received_data":208999,"sent_data":568,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"19a966f0b86c67659b15364e89f3748b","sha1":"94075399f5f8c6f73258024bf442c0bf8600d52b","sha256":"b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","sha512":"60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":208112,"url":{"schema":"https","addr":"raw.githubusercontent.com/pankoza2-pl/salinewin.exe-malware/551397166ce887cb59f7c27a25f4c819154064b7/salinewin.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"readme.txt","filename":"readme.txt","modified":"","Modified":"2022-11-19T20:44:54+01:00","magic":"ASCII text, with CRLF line terminators","size":318,"md5":"d066989e7c3329ceee99b4461a31cad6","sha1":"aba6ba54cfb19ac454bad9b18e75b86be1f8d625","sha256":"a56b31136f7a822ca4e01d17728e1683989e440e6ccff7bf1ca0f282ef521648","sha512":"2c9388f87a4b3a3582697b968d70463194c7475ae5502790299c4030762f09e6581e38b5c52fe0202bf61862cec6fd0e988c9f0689a78fa564c4b744c5be4e47","alerts":{"urlquery":null,"analyzer":null}},{"path":"salinewin.exe","filename":"salinewin.exe","modified":"","Modified":"2022-11-19T20:40:09+01:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":290304,"md5":"2b1e9226d7e1015552a21faca891ec41","sha1":"f87fcbe10fa9312048214d4473498ad4f9f331ce","sha256":"7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada","sha512":"1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-20","alert":"Scan result 55/71","trigger":"7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada","verdict":"malicious","severity":"","comment":"malicious - 55/71","link":"https://www.virustotal.com/gui/file/7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada","meta":null}]}},{"path":"salinewin-safety.exe","filename":"salinewin-safety.exe","modified":"","Modified":"2022-11-19T20:42:50+01:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":251392,"md5":"601283c004aa6e4bcebfb6e844eb653c","sha1":"9c3dde5abd1056497f03f5ae5a3dc6ffed1028cf","sha256":"279a19315055e93a80c558bf9d9a7c8b4aba8fc8f8f3e812df8619e959abbcae","sha512":"feeaebc7c097c724f0cea539729729a7512eb0c75c45b7395cd1d7b3ab643f11fb8b941373b30b12d14b837ff53793fdf49fd70f524c9f6391285d62cf4a7c06","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-10","alert":"Scan result 48/71","trigger":"279a19315055e93a80c558bf9d9a7c8b4aba8fc8f8f3e812df8619e959abbcae","verdict":"malicious","severity":"","comment":"malicious - 48/71","link":"https://www.virustotal.com/gui/file/279a19315055e93a80c558bf9d9a7c8b4aba8fc8f8f3e812df8619e959abbcae","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-27","alert":"Scan result 49/66","trigger":"b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","verdict":"malicious","severity":"","comment":"malicious - 49/66","link":"https://www.virustotal.com/gui/file/b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"raw.githubusercontent.com/pankoza2-pl/salinewin.exe-malware/551397166ce887cb59f7c27a25f4c819154064b7/salinewin.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-04-30T09:00:19.026Z","timestamp":1714467619026,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /pankoza2-pl/salinewin.exe-malware/551397166ce887cb59f7c27a25f4c819154064b7/salinewin.zip HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/zip\r\netag: W/\"50f34d81f936f494a5cc2ce2db298d597bb6a05b89a19c82c31cedb34276b491\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: D594:1B9F56:A53F58:AD861B:6630B322\r\naccept-ranges: bytes\r\ndate: Tue, 30 Apr 2024 09:00:19 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410022-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1714467619.076366,VS0,VE189\r\nvary: Authorization,Accept-Encoding,Origin\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 60a772453f5875eca9f9b45cd0ee1ffbf9310917\r\nexpires: Tue, 30 Apr 2024 09:05:19 GMT\r\nsource-age: 0\r\ncontent-length: 208112\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":208112,"size_decoded":208112,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"19a966f0b86c67659b15364e89f3748b","sha1":"94075399f5f8c6f73258024bf442c0bf8600d52b","sha256":"b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","sha512":"60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427","ssdeep":"6144:AX0xX7MnBGkuOtEZlwuO2lJwz7EeQG+YSGL:AWXKuVZQ27oEhVYbL","tlshash":"df142306c25025cbacee660704f4d13218a34f5ffb5079abd26b64e95fa1fa01d84b8f","first_seen":"2023-07-08T09:15:41Z","last_seen":"2025-05-14T21:01:55.37682Z","times_seen":70,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":36,"dns":1,"connect":13,"send":0,"wait":203,"receive":44,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-27","alert":"Scan result 49/66","trigger":"b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","verdict":"malicious","severity":"","comment":"malicious - 49/66","link":"https://www.virustotal.com/gui/file/b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d","meta":null}],"urlquery":null}}]}