Report - reqrypt.org/download/WinDivert-2.2.0-D.zip

Report Overview

Visitedpublic

2024-07-31 19:47:22

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-30 18:12:03	2.9 kB	8.0 kB	23.36.76.226
reqrypt.org	unknown	2010-12-16	2013-11-30 04:35:23	2024-04-17 11:56:15	496 B	399 kB	104.21.5.43

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

reqrypt.org/download/WinDivert-2.2.0-D.zip

IP / ASN

104.21.5.43

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size398 kB (398477 bytes)

MD5d7746b474aebe0d4ce3fd19ed8615ff8

SHA1d3aa3d91c6089f05749b90eedd561f486c626229

SHA2561d461cfdfa7ba88ebcfbb3603b71b703e9f72aba8aeff99a75ce293e6f89d2ba

Archive (31)

Modified	Filename	Size	MD5	File type
2019-12-11 09:10	README	3.4 kB	49af2625176de01754c37336f99c859d	ASCII text
2019-12-11 09:10	windivert.h	20 kB	35b5cd3b17b74a42794ae8e225a3f0aa	C source, ASCII text
2019-12-11 09:10	VERSION	6 B	ec296eca45d9fbfb662adfdaf52cfe51	ASCII text
2019-12-11 09:10	netdump.exe	17 kB	8a2e677c905839bd04df967a5088dcbb	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	windivertctl.exe	18 kB	12e680ec94aad438219c8be73d69ace7	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	WinDivert64.sys	92 kB	6a33620de63bccaf5e5314ee49cd58fb	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2019-12-11 09:10	passthru.exe	14 kB	ca5124e17232a76fbf084b350f76cf38	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	test.exe	59 kB	45b53c9f1cda90786a3dad945054767e	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	socketdump.exe	15 kB	64f0b8fe48c0f41031af83b6993bcbd6	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	streamdump.exe	17 kB	1ab29791afdf6021002d825d840cc700	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	netfilter.exe	17 kB	f6f50bf5838b59b5e8d5ccb8c845f8b6	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	webfilter.exe	17 kB	076af8da98e18c457119ce5d23cf5197	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	WinDivert.dll	43 kB	1cb0efd60883b5637b31bf46c34ae199	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	flowtrack.exe	16 kB	2ee4d3755babb220749380f95ac16cd6	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
2019-12-11 09:10	WinDivert.lib	25 kB	cb2bbf358062f9312878c872ed6ce102	current ar archive
2019-12-11 09:10	WinDivert32.sys	78 kB	cd477ee96ff05cacda8ac3c0e9316d7a	PE32 executable (native) Intel 80386, for MS Windows, 6 sections
2019-12-11 09:10	WinDivert.html	108 kB	e5ca1069c0f7fdcc0eddb2bc88baeb56	HTML document, ASCII text
2019-12-11 09:10	LICENSE	61 kB	bbd7a5894dfb29429e01764c2b3e6265	ASCII text
2019-12-11 09:10	netdump.exe	22 kB	2ced687629072ede95a2d9d2f484ea52	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	windivertctl.exe	22 kB	8a4f70492f2ff5e008a7a3c4ad9ad908	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	WinDivert64.sys	92 kB	6a33620de63bccaf5e5314ee49cd58fb	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2019-12-11 09:10	passthru.exe	18 kB	626886e6c43d7669df3764ba7de5610b	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	test.exe	66 kB	c71b02db143fbba503582e703d59a8cc	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	socketdump.exe	19 kB	5dd2eafc22b41c3ec2a872afd1c0fb3b	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	streamdump.exe	22 kB	c366fb21bf2f6441754c8820672c4664	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	netfilter.exe	22 kB	7ab2970643dbb0feaafe3a34f1b094ae	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	webfilter.exe	22 kB	8dd2e73a5a6331a1144c0385247b729d	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	WinDivert.dll	47 kB	88e1c19b978436258f7c938013408a8a	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	flowtrack.exe	20 kB	b28834c7fb7b71f6744cc34bc18b73f7	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
2019-12-11 09:10	WinDivert.lib	25 kB	431fa2fa20fb71413dfa6508a0575e35	current ar archive
2019-12-11 09:10	CHANGELOG	17 kB	4571c7584fe04718f614f80f3dbec785	ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
VirusTotal	malicious	VirusTotal - Scan result 11/64

JavaScript (0)

HTTP Transactions (10)

	URL	IP	Response	Size