Report - archive.hasee.com/drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05

Report Overview

Visited public
2024-06-24 09:02:31
Tags
URL
archive.hasee.com/drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05_Cardreader.zip
Finishing URL
about:privatebrowsing
IP / ASN
111.7.98.141
#9808 China Mobile Communications Group Co., Ltd.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
status.geotrust.com	3662	1999-04-04	2017-12-01 09:55:31	2024-06-23 18:15:14	331 B	733 B	192.229.221.95
archive.hasee.com	unknown	1999-12-28	2022-07-22 11:23:32	2023-12-11 10:20:21	728 B	15 MB	111.7.66.132
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-23 18:17:21	1.6 kB	4.4 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
archive.hasee.com/drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05_Cardreader.zip
IP
111.7.66.132
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
15 MB (15108227 bytes)
Hash
08de9aebf1669d38281a631d5c831467
16324a03eb50da1bba460caed95302511b580fb5
fa4a8ae3392a3cb83c6576d871bc7634907cb11716e7d78646f7b1aefa11e93c

Archive (62)

Filename

Md5

File type

0x0402.ini

6f82f2efc4a5da513e0222f47fb5fc2d

Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators

0x0403.ini

04b3d8be6e6f17f13a3be3f24e3ac1b0

Unicode text, UTF-16, little-endian text, with very long lines (340), with CRLF line terminators

0x0404.ini

ec1f8f71fa21c49bc96a17c81ad51598

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0405.ini

9fb56981dd06830b30cd9cadf54270d6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0406.ini

7c6ad5705b8c076697c1ca0eb6229f6f

Unicode text, UTF-16, little-endian text, with very long lines (316), with CRLF line terminators

0x0407.ini

9a62da6c523506355c1bf1b30db73edd

Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators

0x0408.ini

c7a740c71fb3779c8ae2626729a44389

Unicode text, UTF-16, little-endian text, with very long lines (389), with CRLF line terminators

0x0409.ini

be345d0260ae12c5f2f337b17e07c217

Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators

0x040a.ini

e872c54c58eef055bc791d3eead093c3

Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators

0x040b.ini

48dd00b7d72fb37f937db5714bf8a725

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x040c.ini

35989450c8121207917f04d1ebe4ca2a

Unicode text, UTF-16, little-endian text, with very long lines (317), with CRLF line terminators

0x040e.ini

a143f6d5ac3832b025c9d04855a790fd

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0410.ini

f89fc24fce7b72a6c9a6e1f9e7b22d8a

Unicode text, UTF-16, little-endian text, with very long lines (304), with CRLF line terminators

0x0411.ini

6ebbb5d67423d8d85f1688b561bf5304

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0412.ini

73e70a6b9354e80237c8e2b3170830a0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0413.ini

dc1c05a9fce06cf659c20aed317dd417

Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators

0x0414.ini

e526541768a0b9a3618a2894a8e2447e

Unicode text, UTF-16, little-endian text, with very long lines (327), with CRLF line terminators

0x0415.ini

3a87540523d5a3a31bdf99d89e3b7eec

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0416.ini

76740d1a6e424e9803e3808205b32003

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0418.ini

21b6308422fac36fadd143bc7166d082

Unicode text, UTF-16, little-endian text, with very long lines (339), with CRLF line terminators

0x0419.ini

d12957cbc8d709ddacb854ccb7e09bea

Unicode text, UTF-16, little-endian text, with very long lines (365), with CRLF line terminators

0x041a.ini

fb6a3f20ce97f400dbf455f7a1c204f0

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041b.ini

0bee9dd7762e406f7a2396788a00d2c9

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041d.ini

93369d4b2cce8b9de7c55e8e5fcedc30

Unicode text, UTF-16, little-endian text, with very long lines (343), with CRLF line terminators

0x041e.ini

8ffded15081f4deb72f57fa5d2311930

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x041f.ini

a27cbe2097f5b565ef28aa45ede705d8

Unicode text, UTF-16, little-endian text, with very long lines (306), with CRLF line terminators

0x0421.ini

71d320ad6f04473c8e9e6bb8d524d882

Unicode text, UTF-16, little-endian text, with very long lines (374), with CRLF line terminators

0x0424.ini

7231ba1301dba9e30ea0872f7cf0bbb0

Unicode text, UTF-16, little-endian text, with very long lines (342), with CRLF line terminators

0x042d.ini

7899609e5715a75703315c90b5587a47

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0804.ini

3d94ea458231bb249e464a3246e47d39

Unicode text, UTF-16, little-endian text, with CRLF line terminators

0x0816.ini

778d180bc04720f5bbff25e3d750bbda

Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators

0x0c0c.ini

62888396ed6fa3cacd828b6819a2cedf

Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators

0x0c1a.ini

86c914540b0c3fed955c8720679d981a

Unicode text, UTF-16, little-endian text, with very long lines (329), with CRLF line terminators

Rmb.exe

627fb4ef9f81dad033c72efa06d61c32

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

SetEHCIKey.exe

ca06624b1f8cd864a4820eebf5747fe3

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

config.ini

f24e0a763bf6003d21221ed75e525ba2

Generic INItialization configuration [IconMan Config]

RsCRIcon.dll

44a87221c56f8bb34bd9fb537907a071

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

RtsPer.inf

dc5f72a689e1c82de1d86586630e4fa4

Windows setup INFormation

RtsPer.sys

2f766bbb277d3bf0c02524d3ca59d54b

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

rtsper32.cat

837f99f2990169110c642cd3489794d1

DER Encoded PKCS#7 Signed Data

RsCRIcon.dll

da8957417bb783deafed0b9bfba945ec

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 2 sections

RtsPer.inf

502c322bbaf1a73e132d3ff9f958acc5

Windows setup INFormation

RtsPer.sys

887c5c8666143b5e38e2300bada645fc

PE32+ executable (native) x86-64, for MS Windows, 8 sections

rtsper64.cat

392659d1036844c459e49300d591fa0f

DER Encoded PKCS#7 Signed Data

ISSetup.dll

a17a7931b3524d05253c5aa3d06fd364

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections

SilentInstall.bat

15c354419c025e6939416607625e1725

ASCII text, with no line terminators

Display.ico

aa1430c6b82255759552373c3870e9ed

MS Windows icon resource - 4 icons, 256x256, 32 bits/pixel, 48x48, 32 bits/pixel

revcon32.exe

739bcb5c54c6f37276112b3caf925c7e

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

revcon64.exe

cce7e29bc33d97706aa69f4ccd0ce8d2

PE32+ executable (console) x86-64, for MS Windows, 5 sections

data1.cab

d523e4f1c9b5bf10f4a0512056bfbe2f

InstallShield CAB, version 0x4000834

data1.hdr

316d38fe221367d93cdc11723a70032d

InstallShield setup header, version 0x4000834, descriptor size 0x779f

data2.cab

a42edc33223507bf587a2e8e254da7f8

InstallShield CAB, version 0x4000834

layout.bin

27dda3c8dbee88988ae81a76fd8e0bba

data

pkgconf.ini

877244c7235c04c760d4c03e779e372d

Generic INItialization configuration [RTSUSTOR_DEVLIST]

readme.txt

4b170bfded79b68a0482eb943aace938

ASCII text, with CRLF, CR line terminators

setup.exe

63aa12a363da1be4af5782f267ddf787

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

setup.ini

fdf9e4c1dca16104790348f3fd6ed3d5

Unicode text, UTF-16, little-endian text, with CRLF line terminators

setup.inx

812652f8f30ef2086c2da72eb4bc0054

data

setup.iss

b4b107d49d836b42e2c6a7d0753f9bf2

Generic INItialization configuration [File Transfer]

u2setup.iss

fcfd9d2afea35248a8128cc1b1b6d934

Generic INItialization configuration [File Transfer]

u3setup.iss

7010795fb4f487ae9c4ac7c7169ecdf2

Generic INItialization configuration [File Transfer]

usetup.iss

3824ae51ab3f4954ec60d6a8ce286b40

Generic INItialization configuration [File Transfer]

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity

JavaScript (0)

HTTP Transactions (8)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 116d4d1edb43ea3783c92812f245f108 02c09fc6450c50f5d2f7f6162fed01cf2c4bf6b8 f661a4c5b81edb82ec095d2d50b655e19536630577352b6abbfc3962adf3454c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F661A4C5B81EDB82EC095D2D50B655E19536630577352B6ABBFC3962ADF3454C" Last-Modified: Sun, 23 Jun 2024 01:53:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4536 Expires: Mon, 24 Jun 2024 10:17:33 GMT Date: Mon, 24 Jun 2024 09:01:57 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 31c219b3ac9b4615f1a78cd882995e6c 1bb1aedb59500ceabd4f44ae9b7317c544084afd 6e8de7454df9b981f3c2bd8746558f3eb5c48599c66fc0f5301169c0ed42c8fe HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "6E8DE7454DF9B981F3C2BD8746558F3EB5C48599C66FC0F5301169C0ED42C8FE" Last-Modified: Sat, 22 Jun 2024 11:47:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2843 Expires: Mon, 24 Jun 2024 09:49:21 GMT Date: Mon, 24 Jun 2024 09:01:58 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash f0269d61bdfd971c035a90020cb9f629 06631fd5df5a9bd3b9673361601cc37a34e64f69 47b785dc0588f89f6a0bd23143e340c2fa04f194c59853f63e8b937964655373 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "47B785DC0588F89F6A0BD23143E340C2FA04F194C59853F63E8B937964655373" Last-Modified: Sat, 22 Jun 2024 04:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4762 Expires: Mon, 24 Jun 2024 10:21:20 GMT Date: Mon, 24 Jun 2024 09:01:58 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash fe36e270c1ecfa3891cc7b505e7894b6 ce43401e7146eb139a1e3caf7db957e6b9531dc3 bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802" Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13849 Expires: Mon, 24 Jun 2024 12:52:49 GMT Date: Mon, 24 Jun 2024 09:02:00 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash fe36e270c1ecfa3891cc7b505e7894b6 ce43401e7146eb139a1e3caf7db957e6b9531dc3 bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802" Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13849 Expires: Mon, 24 Jun 2024 12:52:49 GMT Date: Mon, 24 Jun 2024 09:02:00 GMT Connection: keep-alive`

	status.geotrust.com/	192.229.221.95		471 B
URL status.geotrust.com/ IP 192.229.221.95:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash a637df4cbc2ec7d60b8eb1bfc0591157 9e9a9a71895347fd6f74d61298392f2dec74f92b 06fcded275bc29c324be6e163c3088e1f0a5ef66e9deb272e86c680bb85bc311 HTTP Headers `POST / HTTP/1.1 Host: status.geotrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 62 Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Mon, 24 Jun 2024 09:02:00 GMT Last-Modified: Mon, 24 Jun 2024 09:00:58 GMT Server: ECAcc (amb/6B0A) X-Cache: HIT Content-Length: 471`

	archive.hasee.com/	111.7.66.132		101 B
URL archive.hasee.com/ IP 111.7.66.132:0 ASN #9808 China Mobile Communications Group Co., Ltd. File type HTML document, ASCII text, with CRLF line terminators Size 101 B (101 bytes) Hash e70fc23f3a82a14a104800a4a225db2a a2f3bf98a0514369357eb56c9ada693d2b9f7c92 17f6b746358445601f9daaf89912d9db745defcbdd7f7c16e1c9e13688550b72 HTTP Headers `GET / HTTP/1.1 Host: archive.hasee.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: Byte-nginx Content-Type: text/html Content-Length: 101 Connection: keep-alive Accept-Ranges: bytes Age: 1526374 Etag: "8aafa6ddf179d01:0" Last-Modified: Sat, 18 Apr 2015 16:08:10 GMT Via: cache84.jnmp,cache04.hnlycm01 X-Bdcdn-Cache-Status: TCP_MISS,TCP_HIT X-Powered-By: ASP.NET X-Request-Id: 26fd71616dfb61939252494ca3c303c2 X-Request-Ip: 91.90.42.154 X-Response-Cache: parent_hit X-Response-Cinfo: 91.90.42.154 X-Safe-Firewall: zhuji.360.cn 1.0.9.47 F1W1 X-Tt-Trace-Tag: id=5 Date: Mon, 24 Jun 2024 09:02:01 GMT

	archive.hasee.com/drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05_Cardreader.zip	111.7.66.132	200 OK	15 MB
URL User Request GET HTTP/1.1 archive.hasee.com/drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05_Cardreader.zip IP 111.7.66.132:80 ASN #9808 China Mobile Communications Group Co., Ltd. File type Zip archive data, at least v2.0 to extract, compression method=store Size 15 MB (15108227 bytes) Hash 08de9aebf1669d38281a631d5c831467 16324a03eb50da1bba460caed95302511b580fb5 fa4a8ae3392a3cb83c6576d871bc7634907cb11716e7d78646f7b1aefa11e93c HTTP Headers `GET /drivefile/notebook/%E8%93%9D%E5%A4%A9/NHxxDBDE_1.07.08/05_Cardreader.zip HTTP/1.1 Host: archive.hasee.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/x-zip-compressed Content-Length: 15108227 Connection: keep-alive Accept-Ranges: bytes Age: 199445 Etag: "80a0c2a5add61:0" Last-Modified: Thu, 29 Oct 2020 03:44:09 GMT Via: cache89.tzmp,cache06.hnlycm01 X-Bdcdn-Cache-Status: TCP_MISS,TCP_HIT X-Powered-By: ASP.NET X-Request-Id: 23ba9cfa5d6e9a321f6e9ffe50e66dd3 X-Request-Ip: 91.90.42.154 X-Response-Cache: parent_hit X-Response-Cinfo: 91.90.42.154 X-Tt-Trace-Tag: id=5 Date: Mon, 24 Jun 2024 09:02:02 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (62)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers