Report Overview

  Visited: 2025-02-17 13:18:20 (public)
  Tags:
  URL: raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/refs/heads/main/salinewin.exe%20source%20code.zip
  Finishing URL: about:privatebrowsing
  IP / ASN: 185.199.108.133, #54113 FASTLY
  Title: about:privatebrowsing
Detections

  urlquery: 0
  Network Intrusion Detection: 0
  Threat Detection Systems: 10

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
raw.githubusercontent.com | 35802 | 2014-02-06 | 2014-03-01 | 2025-02-12

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/refs/heads/main/salinewin.exe%20source%20code.zip

  2. IP

    185.199.110.133

  3. ASN

    #54113 FASTLY

  4. File type

    Zip archive data, at least v1.0 to extract, compression method=store

  5. Size

    12 MB (12523213 bytes)

  6. Hash

    MD5: 2a2aed5bbdbffbe427fae0495b39c303

    SHA-1: 5443a547a7c6b921b50bf5bbc4348fa506f0b05f

  7. Archive (84 files)

  8. Filename / MD5 / File type (each entry below spans three lines, in that order)
    Create.bat
    61e988b23f22b1c21626df02ca92b010
    DOS batch file, ASCII text
    decompress.asm
    92d328c40ad015ee16ca8e0a3024bddc
    ASCII text
    kernel.asm
    cbbbdd6f0e7adf9e8a98744775875d42
    ASCII text
    disk.img
    ab88bbeaca0fb2eda4366df29576be8b
    DOS/MBR boot sector
    Custom.bin
    1fd75e40cfa68f453e189a42c07a87af
    OpenPGP Public Key
    Custom.png
    fad270c9a8fb267d0e1d8e61ef5b2e73
    PNG image data, 320 x 200, 8-bit/color RGBA, non-interlaced
    compress.cpp
    180299633ade892cc8090493aa2d6684
    C source, ASCII text
    compress.exe
    884e43a197998dfeac6865c525321935
    PE32 executable (console) Intel 80386, for MS Windows, 13 sections
    nasm.exe
    288f2be6334f4ea09abf3209166f9ac1
    PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
    png2bin.exe
    c6f98ceec41c080120ebd6121fab72a1
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    png2bin.py
    32dfd28117b185e4870eaf506bb38af7
    Python script, ASCII text executable
    png2bin.spec
    75b2b94d50349f896b07076bcfe2b6c9
    ASCII text
    bios.bin
    1ef20d0614ffaf802f5b1fd408078241
    data
    libcurl-4.dll
    baae54b1157b4c9587cceb4680b13da5
    PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections
    pxe-e1000.bin
    8226b7e99dd7f341265b450299c72e73
    BIOS (ia32) ROM Ext. (141*512) jmp 0x0090; at 0x38 PNP network controller ethernet, CRC 0xd7, at 0x58 "http://etherboot.org", at 0x6d "gPXE", IPL, bootable, cacheable, shadowable, InitialModel, bootstrap offset 0x336; at 0x1c PCI Intel device=0x100e network controller ethernet, revision 3, code revision 0x3, last ROM, 3rd reserved 0x8d00
    qemu.exe
    98dfea60ecff618c2940823119a279b4
    PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections
    SDL.dll
    cea03998e710dc5bfc4954cde440333d
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 17 sections
    vgabios-cirrus.bin
    b2c0e52d8c74a30b5af63f44f49456fe
    BIOS (ia32) ROM Ext. IBM comp. Video (70*512) jmp 0x0121; at 0x10f PCI Cirrus Logic device=0x00b8 PRIOR, ProgIF=3, last ROM
    salinewin.exe
    2b1e9226d7e1015552a21faca891ec41
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    salinewin.iobj
    8b5bd2d7e1764f088cbc4724e5ba30c0
    Intel 80386 COFF object file, not stripped, 77 sections, symbol offset=0x1915e, 249 symbols, created Sat Nov 19 19:39:40 2022, 1st section name ".drectve"
    salinewin.ipdb
    736f28c1e467658b2b518f9d46478861
    data
    salinewin.pdb
    4c5f4e3475051b0405eba2091a451fef
    MSVC program database ver 7.00, 4096*869 bytes
    bootrec.h
    0d728596ecc7822e49560dc09f13686c
    CSV ASCII text
    Resource.res
    f0858ec94a1d780a29e4cc21f3482990
    MSVC .res
    salinewin.log
    4ddefa35048de9e98640375129234a0d
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salinewin.obj
    16ea4953004e53685104272b1dbb9d6a
    Common Data Format (Version 2.5 or earlier) data
    CL.command.1.tlog
    06f2302435737d2d0f99435747cf70ea
    Unicode text, UTF-16, little-endian text, with very long lines (310), with CRLF line terminators
    CL.read.1.tlog
    bad5358140230dcad125aef80cb5794e
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    CL.write.1.tlog
    38da06003f579b9756d6abe8c099917c
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.command.1.tlog
    779e19fce5d3bcd8d65424a6057f165f
    Unicode text, UTF-16, little-endian text, with very long lines (625), with CRLF line terminators
    link.read.1.tlog
    9b902ee2880a7082c9edb68ceb898e56
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.write.1.tlog
    31eb5ad3963347f5317c6ba48de45c29
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.command.1.tlog
    329e06691799ea410772cf1977513ffb
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.read.1.tlog
    9615590331e00dae349a9b719799d0c0
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.write.1.tlog
    9b92e347b6f16542443e66618fe863c9
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    salinewin.lastbuildstate
    5d9b2648b49ed432b3da70e9f7142760
    ASCII text, with CRLF line terminators
    vc140.pdb
    c1f4ca8db21c8f55516e34d3d2b7e4cd
    MSVC program database ver 7.00, 4096*37 bytes
    Resource.aps
    ebb480877baeb04987c0f34b8cefb70b
    MSVC .res
    resource.h
    dde22e943087e83380a93ace33375276
    C source, ASCII text, with CRLF line terminators
    Resource.rc
    c5902749df6dfbab2065fe814c673c46
    C source, ASCII text, with CRLF line terminators
    salinewin.cpp
    7010cc80b4dae029a1b0447b4e4757e0
    C source, ASCII text, with CRLF line terminators
    salinewin.vcxproj
    2af9f994e6c3a4ef08fa365104347537
    XML 1.0 document, ASCII text, with CRLF line terminators
    salinewin.vcxproj.filters
    9b0ec03258d8bbf5b3605431f37dfb32
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salinewin.vcxproj.user
    244d056f5e959be6d9a2f7e94686f1c8
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salt.ico
    c107e020da81265543943bacc89a52c1
    MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
    salinewin.sln
    5ae2566e2bdd24680dcc2b665cda2d53
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salinewin-safety.exe
    601283c004aa6e4bcebfb6e844eb653c
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    salinewin-safety.iobj
    55ef42adfa923129cb6feca14c1212c7
    Intel 80386 COFF object file, not stripped, 58 sections, symbol offset=0xf80d, 182 symbols, created Sat Nov 19 19:42:49 2022, 1st section name ".drectve"
    salinewin-safety.ipdb
    00c7606d545c9162808a79eae40f019c
    data
    salinewin-safety.pdb
    c90f2a1d116d61bed2889d2ef75a7519
    MSVC program database ver 7.00, 4096*773 bytes
    Resource.res
    f0858ec94a1d780a29e4cc21f3482990
    MSVC .res
    salinewin-safety.obj
    11378df7b0e3511cba217274b7df5a9f
    Common Data Format (Version 2.5 or earlier) data
    CL.command.1.tlog
    f796f40d451dea0ffb0618eb18157482
    Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators
    CL.read.1.tlog
    16de68763e387e038c61bc7a43250ccd
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    CL.write.1.tlog
    022deba77b34d4f23ecc0c8b801f1e0b
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.command.1.tlog
    474b4024c1a7e6f0c5fcce5fc5896b8f
    Unicode text, UTF-16, little-endian text, with very long lines (665), with CRLF line terminators
    link.read.1.tlog
    d597b58831ceb9e028a60f3a8427a6e6
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.write.1.tlog
    3c41dd8ab887c38fc59055e63f60f896
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.command.1.tlog
    b73495d4b612cbe08970e6abc3f7f50c
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.read.1.tlog
    078b4141ac413817b2fde8141705aebe
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.write.1.tlog
    510803d98a1b2d38b1e8b62a7ca83d82
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    salinewin-safety.lastbuildstate
    dee923d100c226c807699b64ba95e5ff
    ASCII text, with CRLF line terminators
    salinewin.log
    6cf60c51ccf814fcac268e23bf6c82c7
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salinewin.obj
    16ea4953004e53685104272b1dbb9d6a
    Common Data Format (Version 2.5 or earlier) data
    CL.command.1.tlog
    06f2302435737d2d0f99435747cf70ea
    Unicode text, UTF-16, little-endian text, with very long lines (310), with CRLF line terminators
    CL.read.1.tlog
    bad5358140230dcad125aef80cb5794e
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    CL.write.1.tlog
    38da06003f579b9756d6abe8c099917c
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.command.1.tlog
    779e19fce5d3bcd8d65424a6057f165f
    Unicode text, UTF-16, little-endian text, with very long lines (625), with CRLF line terminators
    link.read.1.tlog
    9b902ee2880a7082c9edb68ceb898e56
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    link.write.1.tlog
    31eb5ad3963347f5317c6ba48de45c29
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.command.1.tlog
    329e06691799ea410772cf1977513ffb
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.read.1.tlog
    9615590331e00dae349a9b719799d0c0
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    rc.write.1.tlog
    9b92e347b6f16542443e66618fe863c9
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    salinewin.lastbuildstate
    5d9b2648b49ed432b3da70e9f7142760
    ASCII text, with CRLF line terminators
    vc140.pdb
    dd7b3f6452e1225822fef8b7c501d875
    MSVC program database ver 7.00, 4096*37 bytes
    Resource.aps
    ebb480877baeb04987c0f34b8cefb70b
    MSVC .res
    resource.h
    dde22e943087e83380a93ace33375276
    C source, ASCII text, with CRLF line terminators
    Resource.rc
    c5902749df6dfbab2065fe814c673c46
    C source, ASCII text, with CRLF line terminators
    salinewin-safety.cpp
    d7dc3db5b7f8ce1533e6cb41a330abe2
    C source, ASCII text, with CRLF line terminators
    salinewin.vcxproj
    1808f53e14e2d6091b9524d7afedfaed
    XML 1.0 document, ASCII text, with CRLF line terminators
    salinewin.vcxproj.filters
    8bf1bc1cdbdfd041c6fc19c40812e748
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salinewin.vcxproj.user
    244d056f5e959be6d9a2f7e94686f1c8
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    salt.ico
    c107e020da81265543943bacc89a52c1
    MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
    salinewin-safety.sln
    5ae2566e2bdd24680dcc2b665cda2d53
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | Compiled Impacket Tools
    Public InfoSec YARA rules | malware | Identifies executable converted using PyInstaller.
    VirusTotal | malicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/refs/heads/main/salinewin.exe%20source%20code.zip | 185.199.110.133 | 200 OK | 12 MB