Report - github.com/ValdikSS/GoodbyeDPI/releases/download/0.2.3rc2/goodbyedpi-0.2.3rc2.zip

Report Overview

Visitedpublic

2024-12-29 17:05:54

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
github.com	1423	2007-10-09	2016-07-13	2024-12-25	535 B	4.3 kB	140.82.121.4
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-12-25	965 B	1.1 MB	185.199.110.133

Related reports

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241229T170529Z&X-Amz-Expires=300&X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip&response-content-type=application%2Foctet-stream

IP / ASN

185.199.110.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=store

Size1.1 MB (1083625 bytes)

MD56fc25f0c7044a292fb67bd6ba063d900

SHA128e9d01a471f4ff0228cfe9af1958e4d4d97c6fd

SHA256f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0

Archive (25)

Modified	Filename	Size	MD5	File type
2017-12-17 00:31	LICENSE-getline.txt	1.5 kB	3a7edebc3612bcea2306f73b92342a44	ASCII text, with CRLF line terminators
2017-05-26 15:59	LICENSE-goodbyedpi.txt	12 kB	c4082b6c254c9fb71136710391d9728b	ASCII text, with CRLF line terminators
2106-02-07 09:28	LICENSE-uthash.txt	1.1 kB	5cc1f1e4c71f19f580458586756c02b4	ASCII text
2017-05-26 15:59	LICENSE-windivert.txt	41 kB	b864fbb188a7c3a11cef80f3ee902d77	ASCII text, with CRLF line terminators
2024-07-31 11:49	WinDivert.dll	43 kB	1cb0efd60883b5637b31bf46c34ae199	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2024-07-31 11:49	WinDivert32.sys	78 kB	cd477ee96ff05cacda8ac3c0e9316d7a	PE32 executable (native) Intel 80386, for MS Windows, 6 sections
2024-07-31 11:49	WinDivert64.sys	92 kB	6a33620de63bccaf5e5314ee49cd58fb	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2024-09-14 20:27	goodbyedpi.exe	101 kB	ca4bb8e03aef6cd3681f3f5d22420688	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections
2024-07-31 11:49	WinDivert.dll	47 kB	88e1c19b978436258f7c938013408a8a	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2024-07-31 11:49	WinDivert64.sys	92 kB	6a33620de63bccaf5e5314ee49cd58fb	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2024-09-14 20:27	goodbyedpi.exe	102 kB	17d48981add03f748a33175d19d305a5	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections
2024-07-31 14:53	0_russia_update_blacklist_file.cmd	130 B	a6af4b081a4cbcd448759306b2366eac	DOS batch file, ASCII text
2024-08-01 07:50	1_russia_blacklist.cmd	274 B	76763259e528cd27e998fb4c665c2b78	DOS batch file, ASCII text
2024-08-01 07:50	1_russia_blacklist_dnsredir.cmd	361 B	06018c5958cddd1d0cf3135762aeb2eb	DOS batch file, ASCII text
2024-07-31 14:54	2_any_country.cmd	204 B	72103c58f2ed536ebc07e19fd00fa2f0	DOS batch file, ASCII text
2024-07-31 14:54	2_any_country_dnsredir.cmd	291 B	77048213eb9358ff71f99667dd08034b	DOS batch file, ASCII text
2024-08-01 07:56	service_install_russia_blacklist.cmd	660 B	af6dac6686b77dc51203800737f41b75	DOS batch file, ASCII text
2024-08-01 09:33	service_install_russia_blacklist_dnsredir.cmd	747 B	77b1d63472e67c4368961c463cc1d92c	DOS batch file, ASCII text
2024-09-14 23:34	service_remove.cmd	309 B	204b35d000d6b29c1102b1d8b6a63dc7	DOS batch file, ASCII text
2024-09-14 23:28	russia-blacklist.txt	2.4 MB	c778017427c08556621c3360e7b60b12	ASCII text
2024-09-14 23:31	russia-youtube.txt	256 B	91d74100607dba77eda0d7a75dacb0cc	ASCII text
2024-09-14 23:32	1_russia_blacklist_YOUTUBE.cmd	287 B	2627a5d6391bf8e824ecebecb370c09e	DOS batch file, ASCII text
2024-09-14 23:34	service_install_russia_blacklist_YOUTUBE.cmd	673 B	13a3550b6edd5b95127889f95b79c764	DOS batch file, ASCII text
2024-09-14 23:35	service_install_russia_blacklist_YOUTUBE_ALT.cmd	680 B	e2ba1aaf4a89b8f271ca78f3598054ca	DOS batch file, ASCII text
2024-09-14 23:33	1_russia_blacklist_YOUTUBE_ALT.cmd	294 B	61d122cea83daa938ccc8fe87a5b8d97	DOS batch file, ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
VirusTotal	suspicious	VirusTotal - Scan result 2/65

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size