Report - cdn.gamesnostalgia.com/files/n/i/nil305431134s35873246913/ugh_dos

Report Overview

Submitted URL
cdn.gamesnostalgia.com/files/n/i/nil305431134s35873246913/ugh_dos_win.7z
IP
162.0.227.228
ASN
#22612 NAMECHEAP-NET
Submitted
2024-05-01 21:13:14
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.gamesnostalgia.com	unknown	2008-02-27	2017-02-08	2023-09-29	526 B	1.4 MB	162.0.227.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.gamesnostalgia.com/files/n/i/nil305431134s35873246913/ugh_dos_win.7z
IP
162.0.227.228
ASN
#22612 NAMECHEAP-NET

File type
7-zip archive data, version 0.4
Size
1.4 MB (1444579 bytes)
Hash
f769eb23be123fcca69fd6ef6b6f4e65
81496091ca181d4efa6163f238f6cf289f2f4974
21d2c8f3786047bc151b1707e476c0478c78803ea039349693c608eeeac3712b

Archive (20)

Filename

Md5

File type

dosbox.conf

cd15459d65ca1cf6fec1e2db3de19130

ASCII text

dosbox_single.conf

bab8d270dc45665a21f9ec91ce1ed900

ASCII text

README.txt

56bd6427cca21be6dde9c53751271ef2

ASCII text, with CRLF line terminators

Ugh.bat

fefc675dd9c801cc2e32f521fe609744

ASCII text, with no line terminators

Ugh.lnk

be05bd7199f5473f70f5b4b48304ef23

MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=5, Archive, ctime=Sun Nov 21 03:23:55 2010, mtime=Sun Nov 21 03:23:55 2010, atime=Sun Nov 21 03:23:55 2010, length=345088, window=hide

donations.url

27e7b006a99f7000a2bcd5d79ad295ae

MS Windows 95 Internet shortcut text (URL=<https://gamesnostalgia.com/donate>), ASCII text, with CRLF line terminators

gamesnostalgia.url

55b2a219b9ecb70a50e90eee1ec4d51f

MS Windows 95 Internet shortcut text (URL=<https://gamesnostalgia.com/>), ASCII text, with CRLF line terminators

patreon.url

bce5b7754a3eeb1edac2feac5edac7c9

MS Windows 95 Internet shortcut text (URL=<https://www.patreon.com/gamesnostalgia>), ASCII text, with CRLF line terminators

ugh!.hi

0ad4fb0b392097339ead88c9f493fe51

ISO-8859 text, with no line terminators

ugh!.pif

9c08de4d80c67e85802e85f6c19d48c6

Windows Program Information File for A:\UGH\UGH.EXE, directory=A:\UGH, icon=C:\WINDOWS\SYSTEM\PIFMGR.DLL

ugh.doc

534febfa3810aa41d155e952daa55aab

ISO-8859 text, with CRLF line terminators

ugh.exe

336f22a6f25da89aab70fb184c224c95

MS-DOS executable, MZ for MS-DOS Self-extracting PKZIP archive

ugh.jpg

6c5e93c7a81561fc6d438723ece5c2ba

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x200, components 3

ugh1.exe

07fc3c18a0a37a3d71d6bc051e5e22ec

MS-DOS executable, MZ for MS-DOS

ughdxflt.txt

ce69d63449fddf6bc1f0f3e2e5c8081d

ISO-8859 text, with CRLF line terminators

ughtrnr.com

beac223e01702e728c17c7fed2a1d655

DOS executable (COM), start instruction 0xe93627df 104253ad

ughtrnr.doc

8500e6b52209d71e66f8e5f73b0f09b1

ISO-8859 text, with CRLF line terminators

DOSBox.exe

90c338efc128025736084c05ae664a60

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

SDL.dll

52726f9e11c4f2af64033ee17dae1fce

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

SDL_net.dll

7db830b9fb29781f86cec2a1bbfe050c

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a suspicious LNK file
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies execution artefacts in shortcut (LNK) files.
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 1/57

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.gamesnostalgia.com/files/n/i/nil305431134s35873246913/ugh_dos_win.7z

162.0.227.228

200 OK

1.4 MB

URL User Request GET HTTP/1.1
cdn.gamesnostalgia.com/files/n/i/nil305431134s35873246913/ugh_dos_win.7z
IP
162.0.227.228:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectcdn.gamesnostalgia.com
FingerprintB3:FD:CF:4C:D7:BC:A7:8B:04:3E:2E:D8:C1:38:38:08:70:86:E7:C9
ValidityFri, 21 Jul 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT

File type
7-zip archive data, version 0.4
Size
1.4 MB (1444579 bytes)
Hash
f769eb23be123fcca69fd6ef6b6f4e65
81496091ca181d4efa6163f238f6cf289f2f4974
21d2c8f3786047bc151b1707e476c0478c78803ea039349693c608eeeac3712b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/57

HTTP Headers

GET /files/n/i/nil305431134s35873246913/ugh_dos_win.7z HTTP/1.1
Host: cdn.gamesnostalgia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 21:12:48 GMT
Content-Type: application/x-7z-compressed
Content-Length: 1444579
Connection: keep-alive
Last-Modified: Tue, 22 Oct 2019 15:14:41 GMT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (20)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers