Report - bot-adviser.ru/FTM/Terminal10.zip

Report Overview

Submitted URL
bot-adviser.ru/FTM/Terminal10.zip
IP
89.223.120.165
ASN
#9123 TimeWeb Ltd.
Submitted
2024-05-07 04:19:22
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bot-adviser.ru	unknown	2019-11-09	2020-09-20	2023-09-16	487 B	2.4 MB	89.223.120.165

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
bot-adviser.ru/FTM/Terminal10.zip
IP
89.223.120.165
ASN
#9123 TimeWeb Ltd.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.4 MB (2425482 bytes)
Hash
ce9ccbdd68d03f2bd453a05684a01227
83dad44664ed7b75872d29a15512c0964f5d2e9f
cd077a8ad18b2982a29a9452cba6a3471ba747c2d8ad6459a896f1f3a6dfa3f0

Archive (41)

Filename

Md5

File type

Binance.Net.dll

24d13c2d4568bec914bc3fae46e38086

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Bybit.Net.dll

c8a98ec9733048a7343dedc30fe45ec6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CryptoExchange.Net.dll

36c25e0c284b0d994c4a087b2672cea1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FTM-Autotrader.deps.json

79555c1337869708682d8e409c0fec56

JSON text data

FTM-Autotrader.dll

2b1c12fac46201f9bd99f37925353183

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FTM-Autotrader.dll.config

15ecd625ae5e45ca35736cc8fae5dde7

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

FTM-Autotrader.exe

424a406e0322fb47e5597272cb7f91f3

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

FTM-Autotrader.pdb

49aa096cb90610feb5b04afcb5e7e23c

Microsoft Roslyn C# debugging symbols version 1.0

FTM-Autotrader.runtimeconfig.json

d94cf983fba9ab1bb8a6cb3ad4a48f50

JSON text data

Microsoft.Extensions.Configuration.Abstractions.dll

ade448289647674a7bed570bf1718537

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Configuration.Binder.dll

d9891477a7c4c12ca23651c58c47084a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Configuration.dll

cbafea13ccdce545f92d5e8f576999b4

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.DependencyInjection.Abstractions.dll

35b8738f0e50c643422bc845ef9c58fd

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.DependencyInjection.dll

8180e611a70398839dd40170d304f904

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Http.dll

c27cf44e54e427995aa61458d761f2e7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Logging.Abstractions.dll

b1d453a70750c277448fe498bb3f585a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Logging.dll

a56c259d39584a56a6712678fe8319b2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Options.dll

5cdf2d72e863525ea10f8d9324a93ddf

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Primitives.dll

ac6a0c9b39dd6e6bef17899ab40f6293

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

86a83a63f12b55fd3718cfbfb577d7dc

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ScottPlot.dll

fc8582d06dcaae2d52953ea73f5d4bd7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ScottPlot.WinForms.dll

7492d0989cd27857ca39866c7d9fb484

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

AutoLogin.lua

b65d4f01863a633d138f300e7dd41593

ISO-8859 text, with CRLF line terminators

AutoStart.lua

6d34451e415e6cb2f87e36f6326edb4a

ISO-8859 text, with CRLF line terminators

core.dll

d94cee9fcfb7d070077dedde77aff622

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

core.dll

bd1de30c0adf7e80b599f8a8d11bac90

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

core.dll

dbf487f8fce2461bd02e5c2c805e6110

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

core.dll

68b2847f8ab918495982c18a0cf1f3c8

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

core.dll

d1ac4f0b0bfb820e911c3506c3bbc831

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

core.dll

65a5ed2631b3fcf7ea9ff76ef83ef5be

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

core.dll

7a4308d4667ad37a20daea6faa7ae82a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections

config.json

071324af78009975e6d918ab29292aa1

JSON text data

dkjson.lua

93479b9d030981e6cf80b13d9c8a3f8f

JavaScript source, ASCII text, with CRLF line terminators

qscallbacks.lua

7cceaf127484df544ec9741ce97ed56a

ASCII text, with CRLF line terminators

qsfunctions.lua

5f58858a148104ca6ce4aa90e65e8109

Unicode text, UTF-8 text, with CRLF line terminators

qsutils.lua

40c488149c1fff05b70b6cfbbfac51e3

ASCII text, with CRLF line terminators

QuikSharp.lua

44fdc2beb864c28b87aa158603542f25

JavaScript source, ASCII text, with CRLF line terminators

Quik_2.lua

31e7668ddb1fca73ac3ff80270050e51

JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators

socket.lua

a80cf9cc842c5969b5b9485e6ece39ff

ASCII text, with CRLF line terminators

USAGE.RU.md

adb125c519fa94e5a572fd02040c7373

Unicode text, UTF-8 text, with very long lines (683), with CRLF line terminators

w32.dll

3e2d520146e9fa094d7ab413c414aeb6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	bot-adviser.ru/FTM/Terminal10.zip	89.223.120.165	200 OK	2.4 MB
URL User Request GET HTTP/1.1 bot-adviser.ru/FTM/Terminal10.zip IP 89.223.120.165:443 ASN #9123 TimeWeb Ltd. Certificate IssuerLet's Encrypt Subjectbot-adviser.ru Fingerprint2A:96:03:8B:B3:29:98:79:04:50:68:06:80:9D:6F:04:3F:B4:46:F9 ValidityFri, 15 Mar 2024 12:21:27 GMT - Thu, 13 Jun 2024 12:21:26 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.4 MB (2425482 bytes) Hash ce9ccbdd68d03f2bd453a05684a01227 83dad44664ed7b75872d29a15512c0964f5d2e9f cd077a8ad18b2982a29a9452cba6a3471ba747c2d8ad6459a896f1f3a6dfa3f0 HTTP Headers `GET /FTM/Terminal10.zip HTTP/1.1 Host: bot-adviser.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 07 May 2024 04:18:55 GMT Content-Type: application/zip Content-Length: 2425482 Last-Modified: Wed, 14 Feb 2024 15:30:53 GMT Connection: keep-alive ETag: "65ccdcad-25028a" Accept-Ranges: bytes`

bot-adviser.ru/FTM/Terminal10.zip

89.223.120.165

200 OK

2.4 MB

URL User Request GET HTTP/1.1
bot-adviser.ru/FTM/Terminal10.zip
IP
89.223.120.165:443
ASN
#9123 TimeWeb Ltd.

Certificate
IssuerLet's Encrypt
Subjectbot-adviser.ru
Fingerprint2A:96:03:8B:B3:29:98:79:04:50:68:06:80:9D:6F:04:3F:B4:46:F9
ValidityFri, 15 Mar 2024 12:21:27 GMT - Thu, 13 Jun 2024 12:21:26 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.4 MB (2425482 bytes)
Hash
ce9ccbdd68d03f2bd453a05684a01227
83dad44664ed7b75872d29a15512c0964f5d2e9f
cd077a8ad18b2982a29a9452cba6a3471ba747c2d8ad6459a896f1f3a6dfa3f0

HTTP Headers

GET /FTM/Terminal10.zip HTTP/1.1
Host: bot-adviser.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 07 May 2024 04:18:55 GMT
Content-Type: application/zip
Content-Length: 2425482
Last-Modified: Wed, 14 Feb 2024 15:30:53 GMT
Connection: keep-alive
ETag: "65ccdcad-25028a"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (41)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers