{"report_id":"921f1abf-2cae-4f8a-b47d-b9dacad32166","version":6,"status":"done","tags":[],"date":"2025-04-12T21:38:43Z","url":{"schema":"http","addr":"www-x-jfglzs-x-com.img.addlink.cn/software/jfgl.zip","fqdn":"www-x-jfglzs-x-com.img.addlink.cn","domain":"addlink.cn","tld":"cn"},"ip":{"addr":"60.247.153.76","port":0,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-21T21:38:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www-x-jfglzs-x-com.img.addlink.cn","ip":{"addr":"211.149.251.114","port":443,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"domain_registered":"2005-03-23","domain_rank":0,"first_seen":"2025-04-12T21:38:44.126953Z","last_seen":"2025-04-12T21:38:44.126953Z","alert_count":1,"request_count":1,"received_data":7605958,"sent_data":519,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"26b0f6329f9fb710af9980e5b17dd046","sha1":"16935d6e67eab711f5877c5d44deb056daa749a3","sha256":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","sha512":"e315aeb1665dd281a452d4e087450c9260acb01787832f54c670e11248c5c3c5d319c96637f46290456cc12969c5969103d6c8c8e9467c8a1a24e9245448cc6a","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":7605493,"url":{"schema":"https","addr":"www-x-jfglzs-x-com.img.addlink.cn/software/jfgl.zip","fqdn":"www-x-jfglzs-x-com.img.addlink.cn","domain":"addlink.cn","tld":"cn"},"ip":{"addr":"211.149.251.114","port":443,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"archive":[{"path":"��װ������Ƶ.url","filename":"��װ������Ƶ.url","modified":"2023-10-29T18:44:03+08:00","Modified":"","magic":"Generic INItialization configuration [InternetShortcut]","size":149,"md5":"52a1881119a3f00626128c97d3c5c7b7","sha1":"d396a9b2d588b486c6e2385daf03af9921b60b8e","sha256":"78473aa97eef2f4fe392918b8b4a7244ab71c76a94a9ffe02de328610d372301","sha512":"a27ff6d1c0e225e87302c849eb9df0473a64fb86efc6cb92cc4c5314e42111706fa5247f966806d646e97a37c1d9d7c8cce72ef156834998d3a239a9f5d6454a","alerts":{"urlquery":null,"analyzer":null}},{"path":"���ü����ֶι�������Ϣ��������.url","filename":"���ü����ֶι�������Ϣ��������.url","modified":"2023-02-15T14:19:37+08:00","Modified":"","magic":"Generic INItialization configuration [InternetShortcut]","size":118,"md5":"8c1cab7b465e5cd71d7b4f8495be4a3a","sha1":"0c448da84c210fcc09e7bb25e7a93efd83527d8d","sha256":"ea65512e4bc7d086c76534052cdbf991307dc01354a6a8ee4c41b42cc289d398","sha512":"379848a14cf4a444c71e666f2f42c68f81bc371136351609cb698a21ac5e21946de992d4e21054dbcd3f36772947d97d9670b230b502f46d7a5368f21a0e3278","alerts":{"urlquery":null,"analyzer":null}},{"path":"��ַ�ڰ�����(������ֱ�ӵ��룬�����ɸ�����ַ��IP).xml","filename":"��ַ�ڰ�����(������ֱ�ӵ��룬�����ɸ�����ַ��IP).xml","modified":"2024-01-05T11:24:06+08:00","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":1578,"md5":"227086982c925ab64c79c24bfea53a90","sha1":"c188ef6247ee70f8027c3b101e93eab7c8f7799d","sha256":"e938aecc31acd7437c2ddb5ea9fecc322611ee77c9522206c51cca426d4d5006","sha512":"ae1e0f886a5f34ace18c1983b6ded1c1818ed80982a52d571ededd9708fb45490c70e0cad109366647723783e83562f91b1b0dbf07bc4408b9a2c5b324b0ba06","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��1��.�ȹر�defender����.docx","filename":"��1��.�ȹر�defender����.docx","modified":"2023-10-08T16:13:38+08:00","Modified":"","magic":"Microsoft Word 2007+","size":176142,"md5":"801464139ac1947ef997a41995447d17","sha1":"11e28a4d41549944657e990ef21ea991445899c1","sha256":"27502bc1715f6e1dbb812a466ab73776c86870a0c94ac2f15e0bc94833904e27","sha512":"da496ee1178bb97df93a9d9ad7afd64363274f492857d9cdb9de100f5c103cbe21b188868c520c49f6b32b45631c76ab4857237e42fb44bf4f370d1e818c0fdb","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��2��.��ֹdefender(���룺123).zip","filename":"��2��.��ֹdefender(���룺123).zip","modified":"2023-12-29T16:44:04+08:00","Modified":"","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1394610,"md5":"98721056b22c9df51b56e99a71b27a6c","sha1":"32ee15b105ecaf18d08fda76096345e7aa204395","sha256":"e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","sha512":"29edb441904bc711692a340cf3ed6c556d401b2116ec8d275f61bd6e51a52a9f188a44061333c85f96e690b5a7693b1ca15285831a768aaa005fbe9ecc0528a0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-06","alert":"Scan result 2/68","trigger":"e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","verdict":"suspicious","severity":"","comment":"suspicious - 2/68","link":"https://www.virustotal.com/gui/file/e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","meta":null}]}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","filename":"Wub.exe","modified":"2023-06-10T02:57:24+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":810000,"md5":"82aff8883099cf75462057c4e47e88ac","sha1":"68e2939f59b3869e9bd3ecc4aca3947649631bf8","sha256":"aac1123f17f8569a36bf93876cea30e15103fd2379b401a79129a2a6e7285ac2","sha512":"212ac940a1f8bdd805813c279d471efc53b858bc35c5edad182dfde3c29c37854618a507a0a0839e5a383d1ba4fe317c0b3c8275d023c86ecfa36f221560b96d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.ini","filename":"Wub.ini","modified":"2023-06-24T11:15:46+08:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":97136,"md5":"ad285356ba487d68323d88a9f364ae3e","sha1":"795db57cd77779f0c1f143e25812b9c2ab864a8b","sha256":"18832fec5e4f4a4e9b4c11eff8ba90dfd0f70d40794ff356267ed8dfaf33e253","sha512":"2010d43210a796d878a963190fbbcb6b2bcc9fe4210a3276cfac6f237091480ac7cc88d6ac6ba3d45a4bb8d06db4b30bc5f8a345804d36e0339e90197ee3481f","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","filename":"Wub_x64.exe","modified":"2023-06-10T02:57:24+08:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":961600,"md5":"9d6778f7f274f7ecd4e7e875a7268b64","sha1":"452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa","sha256":"187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2","sha512":"d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}},{"path":"��Ҫ˵��.doc","filename":"��Ҫ˵��.doc","modified":"2025-04-03T09:14:35+08:00","Modified":"","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1200, Locale ID: 2052, Title:    1,oK5PYb}uQ'3, Author: o(, Template: Normal, Last Saved By: #, Revision Number: 41, Total Editing Time: Wed Jan 10 16:00:00 1900, Create Time/Date: Sat Dec 28 02:21:00 2013, Last Saved Time/Date: Thu Apr  3 01:14:35 2025, Number of Pages: 5, Number of Words: 1778, Number of Characters: 2019, Name of Creating Application: WPS Office_12.1.0.20305_F1E327B, Security: 0","size":841216,"md5":"2cb9d1db6fd05312d82a5a2849811163","sha1":"01a4d1b6559d55c6800d4e8fe252a51b83463dab","sha256":"8f2e5631827fb305812cb0491be90b0d712422b3a30ef6de8f94baa17770b590","sha512":"9808c6942f23e186c3b12e119a7e41104d2a315d9409922c19712b1872ad64b18e776b33c5d4d3181debb4f3a3132486cf740f830f1e493792e5518521cdcdb6","alerts":{"urlquery":null,"analyzer":null}},{"path":"setup(��ѹ���룺123).zip","filename":"setup(��ѹ���룺123).zip","modified":"2025-04-07T17:34:46+08:00","Modified":"","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":4140843,"md5":"9a9dcaf6e90e8283b3e46b0f187d1f18","sha1":"a1ea6bfd303c0201d709bb04ef0c9a77fd9d58b7","sha256":"907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","sha512":"a4fa18b62aa7f7ce06cda8979143325f4b799b1edf2c6d3b14697109fbbd2c9a192cd6feeca98cf03347409fed59423958afe177de9b307f58f412ab21af89f1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-12","alert":"Scan result 2/64","trigger":"907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","verdict":"suspicious","severity":"","comment":"suspicious - 2/64","link":"https://www.virustotal.com/gui/file/907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-12","alert":"Scan result 1/64","trigger":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","verdict":"suspicious","severity":"","comment":"suspicious - 1/64","link":"https://www.virustotal.com/gui/file/3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"26b0f6329f9fb710af9980e5b17dd046","sha1":"16935d6e67eab711f5877c5d44deb056daa749a3","sha256":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","sha512":"e315aeb1665dd281a452d4e087450c9260acb01787832f54c670e11248c5c3c5d319c96637f46290456cc12969c5969103d6c8c8e9467c8a1a24e9245448cc6a","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":7605493,"url":{"schema":"https","addr":"www-x-jfglzs-x-com.img.addlink.cn/software/jfgl.zip","fqdn":"www-x-jfglzs-x-com.img.addlink.cn","domain":"addlink.cn","tld":"cn"},"ip":{"addr":"211.149.251.114","port":443,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"archive":[{"path":"��װ������Ƶ.url","filename":"��װ������Ƶ.url","modified":"2023-10-29T18:44:03+08:00","Modified":"","magic":"Generic INItialization configuration [InternetShortcut]","size":149,"md5":"52a1881119a3f00626128c97d3c5c7b7","sha1":"d396a9b2d588b486c6e2385daf03af9921b60b8e","sha256":"78473aa97eef2f4fe392918b8b4a7244ab71c76a94a9ffe02de328610d372301","sha512":"a27ff6d1c0e225e87302c849eb9df0473a64fb86efc6cb92cc4c5314e42111706fa5247f966806d646e97a37c1d9d7c8cce72ef156834998d3a239a9f5d6454a","alerts":{"urlquery":null,"analyzer":null}},{"path":"���ü����ֶι�������Ϣ��������.url","filename":"���ü����ֶι�������Ϣ��������.url","modified":"2023-02-15T14:19:37+08:00","Modified":"","magic":"Generic INItialization configuration [InternetShortcut]","size":118,"md5":"8c1cab7b465e5cd71d7b4f8495be4a3a","sha1":"0c448da84c210fcc09e7bb25e7a93efd83527d8d","sha256":"ea65512e4bc7d086c76534052cdbf991307dc01354a6a8ee4c41b42cc289d398","sha512":"379848a14cf4a444c71e666f2f42c68f81bc371136351609cb698a21ac5e21946de992d4e21054dbcd3f36772947d97d9670b230b502f46d7a5368f21a0e3278","alerts":{"urlquery":null,"analyzer":null}},{"path":"��ַ�ڰ�����(������ֱ�ӵ��룬�����ɸ�����ַ��IP).xml","filename":"��ַ�ڰ�����(������ֱ�ӵ��룬�����ɸ�����ַ��IP).xml","modified":"2024-01-05T11:24:06+08:00","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":1578,"md5":"227086982c925ab64c79c24bfea53a90","sha1":"c188ef6247ee70f8027c3b101e93eab7c8f7799d","sha256":"e938aecc31acd7437c2ddb5ea9fecc322611ee77c9522206c51cca426d4d5006","sha512":"ae1e0f886a5f34ace18c1983b6ded1c1818ed80982a52d571ededd9708fb45490c70e0cad109366647723783e83562f91b1b0dbf07bc4408b9a2c5b324b0ba06","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��1��.�ȹر�defender����.docx","filename":"��1��.�ȹر�defender����.docx","modified":"2023-10-08T16:13:38+08:00","Modified":"","magic":"Microsoft Word 2007+","size":176142,"md5":"801464139ac1947ef997a41995447d17","sha1":"11e28a4d41549944657e990ef21ea991445899c1","sha256":"27502bc1715f6e1dbb812a466ab73776c86870a0c94ac2f15e0bc94833904e27","sha512":"da496ee1178bb97df93a9d9ad7afd64363274f492857d9cdb9de100f5c103cbe21b188868c520c49f6b32b45631c76ab4857237e42fb44bf4f370d1e818c0fdb","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��2��.��ֹdefender(���룺123).zip","filename":"��2��.��ֹdefender(���룺123).zip","modified":"2023-12-29T16:44:04+08:00","Modified":"","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1394610,"md5":"98721056b22c9df51b56e99a71b27a6c","sha1":"32ee15b105ecaf18d08fda76096345e7aa204395","sha256":"e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","sha512":"29edb441904bc711692a340cf3ed6c556d401b2116ec8d275f61bd6e51a52a9f188a44061333c85f96e690b5a7693b1ca15285831a768aaa005fbe9ecc0528a0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-06","alert":"Scan result 2/68","trigger":"e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","verdict":"suspicious","severity":"","comment":"suspicious - 2/68","link":"https://www.virustotal.com/gui/file/e931892a2011d5b3c5563f182e57377f204506dfd2cdc4f7dc8d77ba3e1f1609","meta":null}]}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","filename":"Wub.exe","modified":"2023-06-10T02:57:24+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":810000,"md5":"82aff8883099cf75462057c4e47e88ac","sha1":"68e2939f59b3869e9bd3ecc4aca3947649631bf8","sha256":"aac1123f17f8569a36bf93876cea30e15103fd2379b401a79129a2a6e7285ac2","sha512":"212ac940a1f8bdd805813c279d471efc53b858bc35c5edad182dfde3c29c37854618a507a0a0839e5a383d1ba4fe317c0b3c8275d023c86ecfa36f221560b96d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.ini","filename":"Wub.ini","modified":"2023-06-24T11:15:46+08:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":97136,"md5":"ad285356ba487d68323d88a9f364ae3e","sha1":"795db57cd77779f0c1f143e25812b9c2ab864a8b","sha256":"18832fec5e4f4a4e9b4c11eff8ba90dfd0f70d40794ff356267ed8dfaf33e253","sha512":"2010d43210a796d878a963190fbbcb6b2bcc9fe4210a3276cfac6f237091480ac7cc88d6ac6ba3d45a4bb8d06db4b30bc5f8a345804d36e0339e90197ee3481f","alerts":{"urlquery":null,"analyzer":null}},{"path":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","filename":"Wub_x64.exe","modified":"2023-06-10T02:57:24+08:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":961600,"md5":"9d6778f7f274f7ecd4e7e875a7268b64","sha1":"452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa","sha256":"187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2","sha512":"d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}},{"path":"��Ҫ˵��.doc","filename":"��Ҫ˵��.doc","modified":"2025-04-03T09:14:35+08:00","Modified":"","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1200, Locale ID: 2052, Title:    1,oK5PYb}uQ'3, Author: o(, Template: Normal, Last Saved By: #, Revision Number: 41, Total Editing Time: Wed Jan 10 16:00:00 1900, Create Time/Date: Sat Dec 28 02:21:00 2013, Last Saved Time/Date: Thu Apr  3 01:14:35 2025, Number of Pages: 5, Number of Words: 1778, Number of Characters: 2019, Name of Creating Application: WPS Office_12.1.0.20305_F1E327B, Security: 0","size":841216,"md5":"2cb9d1db6fd05312d82a5a2849811163","sha1":"01a4d1b6559d55c6800d4e8fe252a51b83463dab","sha256":"8f2e5631827fb305812cb0491be90b0d712422b3a30ef6de8f94baa17770b590","sha512":"9808c6942f23e186c3b12e119a7e41104d2a315d9409922c19712b1872ad64b18e776b33c5d4d3181debb4f3a3132486cf740f830f1e493792e5518521cdcdb6","alerts":{"urlquery":null,"analyzer":null}},{"path":"setup(��ѹ���룺123).zip","filename":"setup(��ѹ���룺123).zip","modified":"2025-04-07T17:34:46+08:00","Modified":"","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":4140843,"md5":"9a9dcaf6e90e8283b3e46b0f187d1f18","sha1":"a1ea6bfd303c0201d709bb04ef0c9a77fd9d58b7","sha256":"907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","sha512":"a4fa18b62aa7f7ce06cda8979143325f4b799b1edf2c6d3b14697109fbbd2c9a192cd6feeca98cf03347409fed59423958afe177de9b307f58f412ab21af89f1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-12","alert":"Scan result 2/64","trigger":"907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","verdict":"suspicious","severity":"","comment":"suspicious - 2/64","link":"https://www.virustotal.com/gui/file/907eb49fe14b5bd81473b6021ff47f340da761d749ca9cdcd79c75820e3f2127","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-04-12","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"win10win11�Ƚ�ֹdefender/��3��.��ֹwin����(��ȫ����ѹ)/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-12","alert":"Scan result 1/64","trigger":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","verdict":"suspicious","severity":"","comment":"suspicious - 1/64","link":"https://www.virustotal.com/gui/file/3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www-x-jfglzs-x-com.img.addlink.cn/software/jfgl.zip","fqdn":"www-x-jfglzs-x-com.img.addlink.cn","domain":"addlink.cn","tld":"cn"},"ip":{"addr":"211.149.251.114","port":443,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-12T21:38:19.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.img.addlink.cn","organization":""},"issuer":{"commonName":"sslTrus (RSA) DV CA","organization":"sslTrus"},"validity":{"start":"Wed, 09 Oct 2024 00:00:00 GMT","end":"Thu, 09 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"F9:6D:DD:B8:EF:96:B1:00:C3:8F:AA:56:1F:63:B7:05:7C:9D:9F:8B","sha256":"20:A8:97:97:96:6F:EE:B1:E5:3F:25:11:D2:5B:82:C3:A6:9F:D3:DD:E9:CC:10:5E:FD:6A:BD:6B:17:4F:09:0F"}}},"request":{"raw":"GET /software/jfgl.zip HTTP/1.1\r\nHost: www-x-jfglzs-x-com.img.addlink.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: wts/1.6.4\r\nDate: Sat, 12 Apr 2025 21:38:22 GMT\r\nContent-Type: application/x-zip-compressed\r\nContent-Length: 7605493\r\nConnection: keep-alive\r\nLast-Modified: Mon, 07 Apr 2025 09:37:24 GMT\r\nETag: \"54af3aaa0a7db1:0\"\r\nExpires: Sun, 13 Apr 2025 21:38:22 GMT\r\nCache-Control: max-age=86400\r\nCache-Status: MISS\r\nCache-Server: img5\r\nAccess-Control-Allow-Origin: https://www.jfglzs.com\r\nAccess-Control-Allow-Credentials: true\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7605493,"size_decoded":0,"mime_type":"application/x-zip-compressed","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"26b0f6329f9fb710af9980e5b17dd046","sha1":"16935d6e67eab711f5877c5d44deb056daa749a3","sha256":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","sha512":"e315aeb1665dd281a452d4e087450c9260acb01787832f54c670e11248c5c3c5d319c96637f46290456cc12969c5969103d6c8c8e9467c8a1a24e9245448cc6a","ssdeep":"98304:jAW65CmKFLXuBv1kG3UHe4IiJlmtdbrLvgrwCjncXEak96hSjk3bHYmzbn5gBMMB:jAn8m6XOtAbJlmLTg1MkohSOH0Bkm5","tlshash":"3476335c91a9a26fd831b7f0749195f3f2d82702aa44852b3cc3f1a3819727fde295c6","first_seen":"2025-04-12T21:38:49.209977Z","last_seen":"2025-05-10T06:40:01.422052Z","times_seen":5,"resource_available":false,"data":null}},"time_used":13804,"timings":{"blocked":2117,"dns":886,"connect":264,"send":0,"wait":271,"receive":9300,"ssl":931},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-12","alert":"Scan result 1/64","trigger":"3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","verdict":"suspicious","severity":"","comment":"suspicious - 1/64","link":"https://www.virustotal.com/gui/file/3348be70ca80ea333817683397bf2325ec5df468e6d0034bf5b55593d929dc78","meta":null}],"urlquery":null}}]}