Report - roach.horizonmw.org/hmw/launcher/HMW

Report Overview

Visited public
2024-12-26 06:21:44
Tags
URL
roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip
Finishing URL
about:privatebrowsing
IP / ASN
199.195.253.66
#53667 PONYNET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
roach.horizonmw.org	unknown	2024-08-19	2024-12-26	2024-12-26	503 B	11 MB	199.195.253.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip
IP
199.195.253.66
ASN
#53667 PONYNET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
11 MB (10555163 bytes)
Hash
875b34b38a0e82d0e6b1ce0185dbbf35
54239b560e0c455e4634245c382f2e310d047f5e
43df42b7d40dd57e254708819cf6538b61402e0ff8bfbc1a0c6e6e82e9aa6e8c

Archive (14)

Filename

Md5

File type

BouncyCastle.Cryptography.dll

0134f4df44a7e38e1c6ea7dfa1c9ad19

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

DotNetEnv.dll

eee1e2e3ed5d4d1b08cf1b849947154d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

HMW Launcher.dll

92958213efa0114b41a8483c6ebfaa48

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

HMW Launcher.exe

847b34bcce0484f4cc87f9962d5a85ed

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

HMW Launcher.runtimeconfig.json

07b9a30265ca4e69c7016a1b6e3ffc27

JSON text data

HMW-Launcher-Updater.dll

eedf017fdd2f04fd444666d4bf629104

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

HMW-Launcher-Updater.exe

5f6a0bd367b1a60758d05f1ef2d0b6d1

PE32+ executable (console) x86-64, for MS Windows, 7 sections

HMW-Launcher-Updater.runtimeconfig.json

253333997e82f7d44ea8072dfae6db39

JSON text data

Microsoft.Web.WebView2.Core.dll

e14b7d0a32dd929b2ce5828814b51fb5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll

11a091d631d997a6de4c8ab7967e17db

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

adf3e3eecde20b7c9661e9c47106a14a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Ookii.Dialogs.Wpf.dll

8b9618ca8a33bc141daf1cafa9e4101b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Shared.dll

a84266b785693876c591bfec055be2f2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

WebView2Loader.dll

c275bfd077c82b1fcbf6a5c3b81f81ff

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip	199.195.253.66	200 OK	11 MB
URL User Request GET HTTP/2 roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip IP 199.195.253.66:443 ASN #53667 PONYNET Certificate IssuerLet's Encrypt Subjectroach.horizonmw.org Fingerprint51:C9:43:A5:30:B8:5E:0C:1C:5E:F1:9A:6C:67:72:49:F1:57:C1:87 ValiditySat, 21 Dec 2024 10:10:31 GMT - Fri, 21 Mar 2025 10:10:30 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 11 MB (10555163 bytes) Hash 875b34b38a0e82d0e6b1ce0185dbbf35 54239b560e0c455e4634245c382f2e310d047f5e 43df42b7d40dd57e254708819cf6538b61402e0ff8bfbc1a0c6e6e82e9aa6e8c HTTP Headers `GET /hmw/launcher/HMW_Launcher.zip HTTP/1.1 Host: roach.horizonmw.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes alt-svc: h3=":443"; ma=2592000 content-type: application/zip date: Thu, 26 Dec 2024 06:21:14 GMT etag: "875b34b38a0e82d0e6b1ce0185dbbf35" last-modified: Sat, 21 Dec 2024 11:59:56 GMT server: Caddy, MinIO strict-transport-security: max-age=31536000; includeSubDomains vary: Origin, Accept-Encoding x-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 x-amz-request-id: 1814A5D129243FAD x-content-type-options: nosniff x-ratelimit-limit: 151 x-ratelimit-remaining: 151 x-xss-protection: 1; mode=block content-length: 10555163 X-Firefox-Spdy: h2

roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip

199.195.253.66

200 OK

11 MB

URL User Request GET HTTP/2
roach.horizonmw.org/hmw/launcher/HMW_Launcher.zip
IP
199.195.253.66:443
ASN
#53667 PONYNET

Certificate
IssuerLet's Encrypt
Subjectroach.horizonmw.org
Fingerprint51:C9:43:A5:30:B8:5E:0C:1C:5E:F1:9A:6C:67:72:49:F1:57:C1:87
ValiditySat, 21 Dec 2024 10:10:31 GMT - Fri, 21 Mar 2025 10:10:30 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
11 MB (10555163 bytes)
Hash
875b34b38a0e82d0e6b1ce0185dbbf35
54239b560e0c455e4634245c382f2e310d047f5e
43df42b7d40dd57e254708819cf6538b61402e0ff8bfbc1a0c6e6e82e9aa6e8c

HTTP Headers

GET /hmw/launcher/HMW_Launcher.zip HTTP/1.1
Host: roach.horizonmw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
content-type: application/zip
date: Thu, 26 Dec 2024 06:21:14 GMT
etag: "875b34b38a0e82d0e6b1ce0185dbbf35"
last-modified: Sat, 21 Dec 2024 11:59:56 GMT
server: Caddy, MinIO
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
x-amz-request-id: 1814A5D129243FAD
x-content-type-options: nosniff
x-ratelimit-limit: 151
x-ratelimit-remaining: 151
x-xss-protection: 1; mode=block
content-length: 10555163
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers