Report - kusal.com/msidntld.zip?sn=45

Report Overview

Visited public
2025-02-28 11:59:56
Tags
URL
kusal.com/msidntld.zip?sn=45
Finishing URL
about:privatebrowsing
IP / ASN
217.21.85.207
#47583 Hostinger International Limited
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kusal.com	unknown	2000-07-20	2013-09-05	2025-02-24	494 B	2.8 MB	217.21.85.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-28	medium	kusal.com	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
kusal.com/msidntld.zip?sn=45
IP
217.21.85.207
ASN
#47583 Hostinger International Limited

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.8 MB (2754026 bytes)
Hash
db2fa102317ac867b67cfeb13fa68c1b
a8e858ab272b57c405a332809c874bb57e32b105
56fd0453a92e7dc5cdce57ef41f63c095414c8a069e705f1fa3121246c802bba

Archive (53)

Filename

Md5

File type

AudioCapture.dll

2a82792f7b45d537edfe58eb758c1197

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

cksini (2).exe

953896600dfb86750506706f1599d415

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

client32.exe

1c19c2e97c5e6b30de69ee684e6e5589

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

client32.ini

918dff2b0d3347095cabc77485492683

ASCII text, with CRLF line terminators

comcat.dll

835ff05a3f5e16e0fe41e515ea398bd4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

getuname.dll

91c68038bfc064ea8fb6d432acd38ee0

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

HTCTL32.DLL

3eed18b47412d3f91a394ae880b56ed2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ifsutilx.dll

27a7213091cda31e84967bead4d29bd1

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

KBDTAM99.DLL

ccc736781cf4a49f42cd07c703b3a18b

PE32+ executable (DLL) (native) x86-64, for MS Windows, 4 sections

8ball1.bmp

0803944194a71bd255dbdcc0d0cee39e

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

andre.bmp

020dbb02eb629861340785a80a9a02df

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

camp1.bmp

ed352fdd80be916f1eeeedd282202487

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

chick1.bmp

cd22448b3f9214fe2a6a009b5f65668e

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

chuckskull.bmp

39c7b460021042a446bd8bdca8476a83

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

f911cc9097cda666df4d8b883f56d06b

SQLite 3.x database, last written using SQLite version 3007006, page size 1024, file counter 8, database pages 7, cookie 0x4, schema 1, UTF-8, version-valid-for 8

data_0

933ce139b5dc5c39827c1ff1f8d2e8ce

data

data_1

37b782426faac4497d859df1e52d6cf1

data

data_2

0962291d6d367570bee5454721c17e11

data

data_3

41876349cb12d6db992f1309f22df3f0

data

devl1.bmp

ba8b503cbaa76346e3601e54e2c91ca3

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

f_000001

57ba5e5dd6940b3d032c9b88ec01f218

gzip compressed data, from Unix

gun1.bmp

299be38a79f4112baaceab3f609faf1d

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

lambda.bmp

1876018802412e395418d9abdbc3b062

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 11808 x 11808 px/m, cbSize 5176, bits offset 1078

skull.bmp

d8e44f63c296926b8a722279d225d4a4

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

smiley.bmp

5bbda3940852184e3e49d97e818f6d1d

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

splatt.bmp

90990db3ffcf9a0c05058b204892d155

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

tiki.bmp

727728ee19652652f6032c9e979976f2

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

v_1.bmp

e5d9acc68bcb1e4114a97a186cc54cf2

PC bitmap, Windows 3.x format, 64 x 64 x 8, resolution 2834 x 2834 px/m, cbSize 5176, bits offset 1078

libwinpthread-1.dll

ec5d913ae28217edee26445e1c151aa5

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

OpenAL32.dll

31bd6354a1d8f3617cb98fa6ab818891

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Qt6Svg.dll

c03e94acc30713451fe7667b451dd909

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 13 sections

mprext.dll

0eabd6ab464758f058fc039a47f61750

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

msidle.dll

b1c1bb1ef2ac2d739aeaed77c33c1848

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

msidntld.dll

504e51418d856d664db23dd55a61352d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 2 sections

msvcr100.dll

0e37fbfa79d349d672456923ec5fbbe3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

neth.dll

26bf659dc283cd389baad0ca54c1abca

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

netmsg.dll

176e3d19f665faefd5c5f892cb310ac8

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

nskbfltr.inf

26e28c01461f7e65c402bdf09923d435

Windows setup INFormation

NSM.ini

99f493dce7fab330dc47f0cab8fe6172

Non-ISO extended-ASCII text, with CRLF line terminators

NSM.LIC

b9956282a0fed076ed083892e498ac69

ASCII text, with CRLF line terminators

nsm_vpro.ini

3be27483fdcdbf9ebae93234785235e3

ASCII text, with CRLF line terminators

panmap.dll

c3f21a1cc9dc3cccc38491da27273f11

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

pcicapi.dll

9daa86d91a18131d5caf49d14fb8b6f2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

PCICHEK.DLL

e311935a26ee920d5b7176cfa469253c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

PCICL32.DLL

77b3988cbae5a2550caec42cc5e8ec35

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

prflbmsg.dll

54fb96ffb3e2984755f82cfff72e317a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections

manifest.json

2b6f737dc8b2ae315e5d244aa680da8a

JSON text data

privacy-sandbox-attestations.dat

2baad07518f63b93c1c64531bb37eb62

data

provdiagnostics.dll

81bd7399ef847e73954ae785471ac5b8

PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections

remcmdstub.exe

62cb7909b5247f472b0e3f748faedf35

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

TsUsbRedirectionGroupPolicyExtension.dll

d89cda3ff8427da82de6cce39008c5bc

PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections

WiaExtensionHost64.dll

5d084613c0e5c8c3022d9e0f316b0e23

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

wiatrace.dll

2bdce845c9ab1d3eb0020b8e74c536dc

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect pe file that no import table
VirusTotal	malicious	VirusTotal - Scan result 21/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

kusal.com/msidntld.zip?sn=45

217.21.85.207

200 OK

2.8 MB

URL User Request GET HTTP/2
kusal.com/msidntld.zip?sn=45
IP
217.21.85.207:443
ASN
#47583 Hostinger International Limited

Certificate
IssuerLet's Encrypt
Subjectkusal.com
FingerprintE2:78:85:D5:67:6C:EA:23:18:AD:EC:EC:26:21:A6:E5:49:F3:C9:A5
ValidityThu, 06 Feb 2025 04:24:03 GMT - Wed, 07 May 2025 04:24:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.8 MB (2754026 bytes)
Hash
db2fa102317ac867b67cfeb13fa68c1b
a8e858ab272b57c405a332809c874bb57e32b105
56fd0453a92e7dc5cdce57ef41f63c095414c8a069e705f1fa3121246c802bba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 21/66

HTTP Headers

GET /msidntld.zip?sn=45 HTTP/1.1
Host: kusal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Thu, 27 Feb 2025 19:13:34 GMT
etag: "2a05ea-67c0b95e-cc6563dc7bd36d68;;;"
accept-ranges: bytes
content-length: 2754026
date: Fri, 28 Feb 2025 11:59:25 GMT
server: LiteSpeed
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (53)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers