Report - s3.amazonaws.com/curationsoft/CurationSoftWIN.zip

Report Overview

Submitted URL
s3.amazonaws.com/curationsoft/CurationSoftWIN.zip
IP
54.231.162.40
ASN
#16509 AMAZON-02
Submitted
2024-05-07 10:52:38
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s3.amazonaws.com	unknown	2005-08-18	2020-05-13	2024-03-23	503 B	20 MB	16.182.75.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s3.amazonaws.com/curationsoft/CurationSoftWIN.zip
IP
16.182.75.0
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
20 MB (19728498 bytes)
Hash
5946d9b5a8c555a37b5db4294c139676
3ed97afcfdfb0e0e7878133a8791504180692e75
4adcee8b09bc4aee62767df76e1253c282eff7e46e88f2b1df57f2c6d9501346

Archive (25)

Filename

Md5

File type

Installer.exe

0c4c61cc4da1a1b3ed8ce78912a7dc7c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

.airinstall.cfg

2b96f48d477261094ab9363e2e46407b

ASCII text, with no line terminators

setup.swf

2670be90a1aaa06455603dfeb5ef2ef6

Macromedia Flash data (compressed), version 10

stylesNative.swf

0f50416df380ac5ef85c4d4c38e63963

Macromedia Flash data (compressed), version 10

sentinel

a5c11ca014fe30b8085ea2e95f7196c4

ASCII text, with CRLF line terminators

Adobe AIR Application Installer.exe

2da20164a6912ca8a11bb3089d0f3453

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Adobe AIR Application Installer.swf

7e3c4ce487983d36f4f13a163ed0fd64

Macromedia Flash data (compressed), version 10

Adobe AIR.dll

5471e959efae0f097e07245edf47b022

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

Adobe AIR Updater.exe

397ef02798d24bf192997b5f7d8ed8ca

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Adobe AIR.vch

6006d7472315e668934c4657aa416dd0

DER Encoded PKCS#7 Signed Data

Adobe Root Certificate.cer

bf70913ff8d6d60a47fe825330815db4

Certificate, Version=3

AdobeCP.dll

2053bd312446b2bbdca5e9e70233f440

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

adobecp.vch

97a8a35197d2a3d2919381b114b949c7

DER Encoded PKCS#7 Signed Data

AdobeCP15.dll

55b5ea22e3852cf07a1d915efe8c28dc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

airappinstaller.exe

e6e5a0ab3b1a27127c5c4a29b237d823

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

digest.s

4b37471b818ba7ac895dd6c267bb299d

DER Encoded PKCS#7 Signed Data

NPSWF32.dll

a750dcd3d12d4f8c877c08f2607283bf

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

setup.swf

2670be90a1aaa06455603dfeb5ef2ef6

Macromedia Flash data (compressed), version 10

stylesNative.swf

0f50416df380ac5ef85c4d4c38e63963

Macromedia Flash data (compressed), version 10

template.exe

86fbdb3c4793f2b2e85bccc000fafbb7

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

template.msi

da62987351f44da1cda6ef4c6ea16dac

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: REPLACE, Author: REPLACE, Keywords: Installer, Comments: This installer database contains the logic and data required to install REPLACE., Template: Intel;1033, Revision Number: {00000000-0000-0000-0000-000000000000}, Number of Pages: 200, Number of Words: 0, Security: 4, Create Time/Date: Fri Aug 5 10:30:36 2011, Last Saved Time/Date: Fri Aug 5 10:30:36 2011, Name of Creating Application: Windows Installer XML v2.0.3719.0 (candle/light)

Thawte Root Certificate.cer

7f667a71d3eb6978209a51149d83da20

Certificate, Version=3 Certificate, Version=00

WebKit.dll

9ece32f4b34d55824c9c44b8c222fa72

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

setup.msi

64ce44aa98dabf4bbaff5fda1c60ae89

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe AIR Installer, Author: Adobe Systems Incorporated, Keywords: Installer, Comments: This installer database contains the logic and data required to install Adobe AIR., Template: ;1033, Number of Pages: 200, Number of Words: 0, Security: 2, Revision Number: {4D1AF709-090E-4C2B-AF74-B38B92647E5D}, Create Time/Date: Fri Aug 5 10:46:10 2011, Last Saved Time/Date: Fri Aug 5 10:46:10 2011, Name of Creating Application: Windows Installer XML v2.0.3719.0 (candle/light)

CurationSoft.air

bb2af68f4c956052e69366b85781d6e5

Zip data (MIME type "application/vnd.adobe.air-application-installer-package+zip"?)

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	s3.amazonaws.com/curationsoft/CurationSoftWIN.zip	16.182.75.0	200 OK	20 MB
URL User Request GET HTTP/1.1 s3.amazonaws.com/curationsoft/CurationSoftWIN.zip IP 16.182.75.0:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjects3.amazonaws.com Fingerprint82:A2:80:27:89:C3:32:0E:1E:77:2D:6F:F3:3D:19:D3:97:36:BC:7C ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 11 Jan 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 20 MB (19728498 bytes) Hash 5946d9b5a8c555a37b5db4294c139676 3ed97afcfdfb0e0e7878133a8791504180692e75 4adcee8b09bc4aee62767df76e1253c282eff7e46e88f2b1df57f2c6d9501346 HTTP Headers `GET /curationsoft/CurationSoftWIN.zip HTTP/1.1 Host: s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: jPkitmE1dh2qdolDdXgl8UB4yl1dm0tH2rij41P3RMU9j9tfJ2Lhcje3ZMH1nGltQYIMxt27bkI= x-amz-request-id: T36P1VVQ0NKY1XC2 Date: Tue, 07 May 2024 10:52:07 GMT Last-Modified: Wed, 21 Dec 2011 05:13:22 GMT ETag: "5946d9b5a8c555a37b5db4294c139676" Accept-Ranges: bytes Content-Type: application/zip Server: AmazonS3 Content-Length: 19728498`

s3.amazonaws.com/curationsoft/CurationSoftWIN.zip

16.182.75.0

200 OK

20 MB

URL User Request GET HTTP/1.1
s3.amazonaws.com/curationsoft/CurationSoftWIN.zip
IP
16.182.75.0:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjects3.amazonaws.com
Fingerprint82:A2:80:27:89:C3:32:0E:1E:77:2D:6F:F3:3D:19:D3:97:36:BC:7C
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 11 Jan 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
20 MB (19728498 bytes)
Hash
5946d9b5a8c555a37b5db4294c139676
3ed97afcfdfb0e0e7878133a8791504180692e75
4adcee8b09bc4aee62767df76e1253c282eff7e46e88f2b1df57f2c6d9501346

HTTP Headers

GET /curationsoft/CurationSoftWIN.zip HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: jPkitmE1dh2qdolDdXgl8UB4yl1dm0tH2rij41P3RMU9j9tfJ2Lhcje3ZMH1nGltQYIMxt27bkI=
x-amz-request-id: T36P1VVQ0NKY1XC2
Date: Tue, 07 May 2024 10:52:07 GMT
Last-Modified: Wed, 21 Dec 2011 05:13:22 GMT
ETag: "5946d9b5a8c555a37b5db4294c139676"
Accept-Ranges: bytes
Content-Type: application/zip
Server: AmazonS3
Content-Length: 19728498

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers