Report Overview
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
www.en-consult.ca | unknown | 2001-12-18 | 2012-05-22 | 2023-07-21 | 486 B | 10 MB | 69.27.116.189 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
www.en-consult.ca/files/dsb1.zip
IP
69.27.116.189
ASN
#55017 VDC
File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
10 MB (10229076 bytes)
Hash
2a464b2d527c01459fe82a4e39bc3f0f
3adace5b44a94e9de32c99842d5d75d8cbd595dc
Archive (84)
Filename | Md5 | File type | |||
---|---|---|---|---|---|
0x0409.ini | 47b8151455bc54356bd8eab2d9656dff | Generic INItialization configuration [Languages] | |||
Double Solitaire.msi | 75a3930568bf26226d0ad69d9529e4e5 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.10, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Double Solitaire, Author: Enterprise Network Consulting, Number of Pages: 200, Name of Creating Application: InstallShield Express 3.5, Last Saved Time/Date: Wed Aug 7 18:38:18 2002, Create Time/Date: Wed Aug 7 18:38:18 2002, Last Printed: Wed Aug 7 18:38:18 2002, Revision Number: {86E258B7-D8CC-4131-9056-16E9D19DA8DA}, Code page: 1252, Template: Intel;1033 | |||
instmsia.exe | 43f7305c2e5dd4a8f3c5abeb2ffe4833 | PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections | |||
instmsiw.exe | 61a5fb191ae2ae876db31dcce75e4183 | PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections | |||
Readme.txt | 8ba135838964137734185c9fc1ce0abf | ISO-8859 text, with very long lines (364), with CRLF line terminators | |||
setup.exe | 04179fd64bfa5a38b77d280f0f50a7ad | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections | |||
Setup.ini | dee6dad70434f6b37650755356ca5b85 | Generic INItialization configuration [Startup] | |||
agent.exe | ce7b9cb14919cad9d974cbf5579237f2 | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections | |||
DRIP.WAV | 56152b0ba261ac8ffe2fe7942e42b1e6 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
click.wav | f15353bc3f2280baaa068cb76df8bf7c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
bloop.wav | 69739d2ae3e2d8d8bc3184214f629a61 | RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, mono 11025 Hz | |||
POP.WAV | b10badf2907230c82c2f25f6d19f2fbd | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
cheers.wav | ed3047c961d84ed80cf39bed83d1bd24 | RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, mono 11025 Hz | |||
CLAP.WAV | 00412dca28c6a7edc3225d62e27c4f09 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
SHUFFLE.WAV | de4cab1ee766ea935ef8250539fc4786 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz | |||
SPACGUN1.WAV | 2690e73606eaae334a6263cb37e37a28 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz | |||
dblsol.cnt | ea9f4546232f628ad12456dbf9512df5 | MS Windows help file Content, based "DBLSOL.hlp", ASCII text, with CRLF line terminators | |||
debuglog.txt | d41d8cd98f00b204e9800998ecf8427e | ||||
License.txt | 7c4b79eaa8ccd29051a8a51b5259995d | ASCII text, with very long lines (739), with CRLF line terminators | |||
DblSol.exe | 5d67db1edda990393f6957803cd96bdd | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections | |||
DBLSOL.HLP | 93d6e6984cb2bb2e395064f459751999 | MS Windows 3.0 help, Thu Aug 1 22:30:43 2002, 16484 bytes | |||
VB40032.DLL | 73978dd6dd93dfd1fdd83620ae604dd4 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections | |||
olepro32.dll | ce0155405ea902797e88b92a78443aeb | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
stdole2.tlb | 1b02577f0addea32eb02a50d4a4cdd1e | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections | |||
asycfilt.dll | c89e401800de62e5702e085d898eed20 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
oleaut32.dll | 7b156d230278b8c914ef3f4169fec1cc | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comcat.dll | 3b180da2b50b954a55fe37afba58d428 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comdlg32.ocx | b73809a916e6d7c1ae56f182a2e8f7e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
dbgrid32.ocx | ec2f4fce368dade257d89a1bde1de380 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
dblist32.ocx | fae53fad924a437af259649419c806e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
mfc42.dll | 71ad9ea933ace083add86bbe4f265d8b | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
msvcrt.dll | 4300d1a092b91e7c8dfa6f1e5e7973b2 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
Qcard32.dll | c0f3f2e5ac7a50af58174d28e2da140c | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
CSWSK32.OCX | 761286e83db7ef1b701f9775082d59ac | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
TEGOSND.OCX | 97e50be0b56499b207cb69e9d7dd890f | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
TEGOWAV3.OCX | a4efc4d2b9d19bade94b995459290c5f | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
dwusplay.dll | b0f852916dbc62d96afff06fd4907b09 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
dwusplay.exe | f9081bf9c165448b9e50869952bc80d9 | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections | |||
isusweb.dll | 1e17bfc3edc0483ad44b495622e8a862 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
agent.exe | ce7b9cb14919cad9d974cbf5579237f2 | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections | |||
Double Solitaire beta.msi | 4881214b59fe0c4c268c67d5870c49aa | Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.10, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Rod Carty, Keywords: Installer,MSI,Database, Subject: Double Solitaire, Author: Enterprise Network Consulting, Number of Pages: 200, Name of Creating Application: InstallShield Express 3.5, Last Saved Time/Date: Wed Aug 7 19:16:15 2002, Create Time/Date: Wed Aug 7 19:16:15 2002, Last Printed: Wed Aug 7 19:16:15 2002, Revision Number: {8541E53F-8110-438A-B7E1-D14488B78D94}, Code page: 1252, Template: Intel;1033 | |||
DRIP.WAV | 56152b0ba261ac8ffe2fe7942e42b1e6 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
click.wav | f15353bc3f2280baaa068cb76df8bf7c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
bloop.wav | 69739d2ae3e2d8d8bc3184214f629a61 | RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, mono 11025 Hz | |||
POP.WAV | b10badf2907230c82c2f25f6d19f2fbd | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
cheers.wav | ed3047c961d84ed80cf39bed83d1bd24 | RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, mono 11025 Hz | |||
CLAP.WAV | 00412dca28c6a7edc3225d62e27c4f09 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | |||
SHUFFLE.WAV | de4cab1ee766ea935ef8250539fc4786 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz | |||
SPACGUN1.WAV | 2690e73606eaae334a6263cb37e37a28 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz | |||
dblsol.cnt | ea9f4546232f628ad12456dbf9512df5 | MS Windows help file Content, based "DBLSOL.hlp", ASCII text, with CRLF line terminators | |||
debuglog.txt | d41d8cd98f00b204e9800998ecf8427e | ||||
License.txt | 7c4b79eaa8ccd29051a8a51b5259995d | ASCII text, with very long lines (739), with CRLF line terminators | |||
DblSol.exe | a3a6d4bc5445df89192b6b214ad8f30b | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections | |||
DBLSOL.HLP | 93d6e6984cb2bb2e395064f459751999 | MS Windows 3.0 help, Thu Aug 1 22:30:43 2002, 16484 bytes | |||
VB40032.DLL | 73978dd6dd93dfd1fdd83620ae604dd4 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections | |||
olepro32.dll | ce0155405ea902797e88b92a78443aeb | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
stdole2.tlb | 1b02577f0addea32eb02a50d4a4cdd1e | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections | |||
asycfilt.dll | c89e401800de62e5702e085d898eed20 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
oleaut32.dll | 7b156d230278b8c914ef3f4169fec1cc | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comcat.dll | 3b180da2b50b954a55fe37afba58d428 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comdlg32.ocx | b73809a916e6d7c1ae56f182a2e8f7e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
dbgrid32.ocx | ec2f4fce368dade257d89a1bde1de380 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
dblist32.ocx | fae53fad924a437af259649419c806e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
mfc42.dll | 71ad9ea933ace083add86bbe4f265d8b | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
msvcrt.dll | 4300d1a092b91e7c8dfa6f1e5e7973b2 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
Qcard32.dll | c0f3f2e5ac7a50af58174d28e2da140c | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
CSWSK32.OCX | 761286e83db7ef1b701f9775082d59ac | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
TEGOSND.OCX | 97e50be0b56499b207cb69e9d7dd890f | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
TEGOWAV3.OCX | a4efc4d2b9d19bade94b995459290c5f | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
MsgHoo32.OCX | 4dc9752ba6418bbac12852bbcf0374cb | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
MSGHOOK.VBX | 18ce585c7af9f386fce868a15f2e1a54 | MS-DOS executable, NE for MS Windows 3.x (3.10) (DLL or font) | |||
olepro32.dll | ce0155405ea902797e88b92a78443aeb | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
stdole2.tlb | 1b02577f0addea32eb02a50d4a4cdd1e | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections | |||
asycfilt.dll | c89e401800de62e5702e085d898eed20 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
oleaut32.dll | 7b156d230278b8c914ef3f4169fec1cc | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comcat.dll | 3b180da2b50b954a55fe37afba58d428 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
comdlg32.ocx | b73809a916e6d7c1ae56f182a2e8f7e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
dbgrid32.ocx | ec2f4fce368dade257d89a1bde1de380 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections | |||
dblist32.ocx | fae53fad924a437af259649419c806e2 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections | |||
mfc42.dll | 71ad9ea933ace083add86bbe4f265d8b | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
msvcrt.dll | 4300d1a092b91e7c8dfa6f1e5e7973b2 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
dwusplay.dll | b0f852916dbc62d96afff06fd4907b09 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections | |||
dwusplay.exe | f9081bf9c165448b9e50869952bc80d9 | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections | |||
isusweb.dll | 1e17bfc3edc0483ad44b495622e8a862 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections |
Detections
Analyzer | Verdict | Alert |
---|---|---|
YARAhub by abuse.ch | malware | detect_Redline_Stealer |
YARAhub by abuse.ch | malware | detect_Redline_Stealer |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size | |
---|---|---|---|---|
www.en-consult.ca/files/dsb1.zip | 69.27.116.189 | 200 OK | 10 MB | |