Report - files.sshnuke.net/cemuhook_1159

Report Overview

Visited public
2025-05-10 08:04:54
Tags
URL
files.sshnuke.net/cemuhook_1159_0573.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.21.156
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
files.sshnuke.net	unknown	2013-12-07	2017-03-25	2025-05-08	508 B	5.9 MB	172.67.199.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
files.sshnuke.net/cemuhook_1159_0573.zip
IP
172.67.199.85
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.9 MB (5913005 bytes)
Hash
f5f0de02b9df62d5b6018c7a82e6d43b
621c4e475276d001b9233417ca3474be54e2fcce
21288935d934d5f02052dd2acdef82c71c4e090a7d7e6dffbdc64c2cbd1afef5

Archive (7)

Filename

Md5

File type

dbghelp.dll

be6e4e887bed50375d607605db52d155

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

Go to project website for updates.url

06f22ae2a60103094518d6f76286eeee

MS Windows 95 Internet shortcut text (URL=<https://cemuhook.sshnuke.net>), ASCII text, with CRLF line terminators

sample_patches.zip

0c6dd9f3a2660a4789bb952cd4ed8f5f

Zip archive data, at least v1.0 to extract, compression method=store

keystone.dll

861abbc1bdd2380e00c1a3d6ed557e4d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

patches.txt

9d2e17580887c8a4b37ef0fe8116ce84

ASCII text

rules.txt

feacf6b02d31f484af9a6cbc48f6eeab

ASCII text

Get latest graphic packs from HERE.url

2044071fb6b01db25ce837fa61bc2347

MS Windows 95 Internet shortcut text (URL=<https://slashiee.github.io/cemu_graphic_packs/>), ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 9/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET files.sshnuke.net/cemuhook_1159_0573.zip

172.67.199.85

200 OK

5.9 MB

URL User Request GET
files.sshnuke.net/cemuhook_1159_0573.zip
IP
172.67.199.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectsshnuke.net
Fingerprint04:08:65:58:D3:1E:B8:2D:DF:1A:A0:53:BD:F9:46:50:3A:F6:08:75
ValidityTue, 22 Apr 2025 05:29:18 GMT - Mon, 21 Jul 2025 06:26:38 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.9 MB (5913005 bytes)
Hash
f5f0de02b9df62d5b6018c7a82e6d43b
621c4e475276d001b9233417ca3474be54e2fcce
21288935d934d5f02052dd2acdef82c71c4e090a7d7e6dffbdc64c2cbd1afef5

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 9/66

HTTP Headers

GET /cemuhook_1159_0573.zip HTTP/1.1
Host: files.sshnuke.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 May 2025 08:04:20 GMT
content-type: application/zip
content-length: 5913005
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 19 Jun 2019 09:44:56 GMT
etag: "5d0a0418-5a39ad"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RKMs5gEGflQ9u79xvKMVb5XBcWJ0ylYgN5raLHyxsMdtbH6%2F0pXtfied1DpYr5dnVbxA5ha0TjJFdkKxyfSJr%2FGD9OkBTF0qToi28NAkP5RHtnAwyWuhOISBjHelzm%2BYSW9JWQ%3D%3D"}]}
cf-ray: 93d7ecdbb8fd0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers