Report - update.arcgames.com/arc2/Arc2Update_202404261552

Report Overview

Submitted URL
update.arcgames.com/arc2/Arc2Update_202404261552_b.zip
IP
23.36.79.10
ASN
#20940 Akamai International B.V.
Submitted
2024-05-02 13:19:27
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
update.arcgames.com	unknown	2006-07-16	2020-02-29	2022-09-09	508 B	18 MB	23.36.79.25

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
update.arcgames.com/arc2/Arc2Update_202404261552_b.zip
IP
23.36.79.25
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (17800567 bytes)
Hash
c248f44fe5bfe941866ad4af0ce57e61
7acfb971abb56e8cffc6479ac909795c18aadfe8
aed70b01780600bcda97097c34ade09ec74860afb96dacb54fab22b08b5423a1

Archive (32)

Filename

Md5

File type

Arc.exe

f9b8010fec2fbd37dd36f9c313743d78

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcChat.exe

ef19f9b0dc487543c6790ee583f1dfd9

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcDepends.exe

485c4a01c7c4d479137b44460d487c3d

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcErrRep.exe

a82d50c8e92ad65c52d2c588db364afd

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcLauncher.exe

cdecf05dce7e7f9c6734713b161c52f7

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcOSBrowser.exe

0da767a6ccabda78280b10a2b8f0d675

PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections

ArcOSOverlay.exe

aa2846aef67a915bcd4acc654c42811a

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcOverlayStub.dll

a073ae6eb420f127ddbea8ff832f0d09

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

ArcOverlayStub_64.dll

dce1e150f24878ed6907475d6a0b8984

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections

ArcRepair.exe

0a0ebae4b6f77a8284b6e6aac441d328

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcSDK.dll

af6b107d22bed88e003ceb068b5748bf

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ArcSDK_64.dll

f15936468a520dc7275d955e478e34da

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ArcService.exe

15d8f277c92ff53bf0309ed9103504e2

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcSteamHelper.exe

32e50e060de31cb54362853bf0086e1d

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcUpdate.exe

6f0c145ee23c80dc45f22526cec28a2a

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcZone.dll

745569497b81a2ca9d8c06eb045a4b55

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

CfgFileList.xml

affd8fd7b2d103501a34eaeb4ff75a70

XML 1.0 document, ASCII text

Client_string_table.dat

162a540e41e07c4a5071ca95403f681b

Unicode text, UTF-8 (with BOM) text, with very long lines (1621)

Config.ini

0d548617f51d494cb098d1ec9e2c4a36

ASCII text

CoreUI.dll

588bc3344a9fc4f614ed41a5c2c04eed

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

HttpDownloader.dll

c45ab86e9bf1e9481433e2bd889d5b23

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SonicUI.dll

303e63ba4f7df7104917cb0f3ed24b53

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

version.ini

e14f92946d0f6b39661ed5732b77cf25

ASCII text, with CRLF, LF line terminators

sonic.template

a06fbf90bfcae3c3f7d600df0b660298

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (731)

sonic.xml_1

71facb529d154fd43cf316a559719bf4

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (502), with CRLF line terminators

sonic.xml_2

d3f18ae9f66b4912086f975ab28400af

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (652), with CRLF line terminators

sonic.xml_3

2d3f51aa3eb8b670263814b6e4bc686f

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (545), with CRLF line terminators

sonic.xml_4

58d3ec04018f08f3fd8a3293fbb49e85

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (579), with CRLF line terminators

sonic.xml_5

638849d69858b7e60ddc7e2b2f94dc05

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (502), with CRLF line terminators

sonic.xml_6

7166f4365083bf2c7e847add7b4cf163

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (578), with CRLF line terminators

sonic.xml_7

47a0ad20ba079d77c3b42a0b7af53148

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (611), with CRLF line terminators

sonic.xml_8

da4f5b737bf45d719fdd965ec64d77a9

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (589), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	update.arcgames.com/arc2/Arc2Update_202404261552_b.zip	23.36.79.25	200 OK	18 MB
URL User Request GET HTTP/2 update.arcgames.com/arc2/Arc2Update_202404261552_b.zip IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Certificate IssuerDigiCert Inc Subjectsf.gearboxpublishing.com FingerprintD6:64:C6:9B:8B:18:51:A6:A1:B9:FB:5E:A7:79:47:EF:97:0E:9D:40 ValidityMon, 17 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 18 MB (17800567 bytes) Hash c248f44fe5bfe941866ad4af0ce57e61 7acfb971abb56e8cffc6479ac909795c18aadfe8 aed70b01780600bcda97097c34ade09ec74860afb96dacb54fab22b08b5423a1 HTTP Headers `GET /arc2/Arc2Update_202404261552_b.zip HTTP/1.1 Host: update.arcgames.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: application/zip last-modified: Fri, 26 Apr 2024 23:08:51 GMT etag: "662c3403-10f9d77" content-length: 17800567 cache-control: must-revalidate, max-age=21572 expires: Thu, 02 May 2024 19:18:24 GMT date: Thu, 02 May 2024 13:18:52 GMT X-Firefox-Spdy: h2`

update.arcgames.com/arc2/Arc2Update_202404261552_b.zip

23.36.79.25

200 OK

18 MB

URL User Request GET HTTP/2
update.arcgames.com/arc2/Arc2Update_202404261552_b.zip
IP
23.36.79.25:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectsf.gearboxpublishing.com
FingerprintD6:64:C6:9B:8B:18:51:A6:A1:B9:FB:5E:A7:79:47:EF:97:0E:9D:40
ValidityMon, 17 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (17800567 bytes)
Hash
c248f44fe5bfe941866ad4af0ce57e61
7acfb971abb56e8cffc6479ac909795c18aadfe8
aed70b01780600bcda97097c34ade09ec74860afb96dacb54fab22b08b5423a1

HTTP Headers

GET /arc2/Arc2Update_202404261552_b.zip HTTP/1.1
Host: update.arcgames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/zip
last-modified: Fri, 26 Apr 2024 23:08:51 GMT
etag: "662c3403-10f9d77"
content-length: 17800567
cache-control: must-revalidate, max-age=21572
expires: Thu, 02 May 2024 19:18:24 GMT
date: Thu, 02 May 2024 13:18:52 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (32)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers