Report - openrgb.org/releases/release_0.9/OpenRGB_0.9_Windows_64

Report Overview

Submitted URL
openrgb.org/releases/release_0.9/OpenRGB_0.9_Windows_64_b5f46e3.zip
IP
35.185.44.232
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-04-20 13:03:26
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
openrgb.org	unknown	2021-03-14	2021-04-04	2024-03-26	521 B	12 MB	35.185.44.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
openrgb.org/releases/release_0.9/OpenRGB_0.9_Windows_64_b5f46e3.zip
IP
35.185.44.232
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
12 MB (11849808 bytes)
Hash
2646fd5cdb2fdfc9a814315cf09f0477
529622ee78a7bcb3f5548a86a0f933b41ad42332
4a42df973bf9e0694268993478f03a71dafbf2ddbcb1512835b4bbabdc6dc6de

Archive (14)

Filename

Md5

File type

OpenRGB.exe

3589b4866ca6e16dfc384bf0b24ad185

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

OpenRazer64.dll

0e18430c46c4ba7300ebe1fb332221db

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

Qt5Core.dll

1a0705c28617a5844adc02457698aac6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

Qt5Gui.dll

3363e392e7fd4201274579677707bb5f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Qt5Widgets.dll

fc71f4da282360f45d8d0b47aa17727c

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

WinRing0x64.dll

eb31c77ef331ec4cbf7262cda4d1233a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

WinRing0x64.sys

0c0195c48b6b8582fa6f6373032118da

PE32+ executable (native) x86-64, for MS Windows, 6 sections

hidapi.dll

217bcada3a436a72c5813284893c743e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

qgif.dll

8d3afca5aa110bb26808ca79b1e23f15

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

qico.dll

ddd87f88cc7158f678bc30f9267cb070

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

qjpeg.dll

cab145e809decded38364723ba680954

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

libusb-1.0.dll

b7bd43f0e6c23d3192ae6196695e0956

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

qwindows.dll

dbc3d268ba70ab9ea301f05d80c585e9

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

qwindowsvistastyle.dll

ae943e6f60a7b70189db97d1f723a5d1

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

openrgb.org/releases/release_0.9/OpenRGB_0.9_Windows_64_b5f46e3.zip

35.185.44.232

200 OK

12 MB

URL User Request GET HTTP/2
openrgb.org/releases/release_0.9/OpenRGB_0.9_Windows_64_b5f46e3.zip
IP
35.185.44.232:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjectopenrgb.org
Fingerprint52:8E:28:B9:E2:8F:ED:53:5B:65:BF:D8:0B:DC:3A:8A:89:53:C5:DF
ValidityMon, 18 Mar 2024 14:51:08 GMT - Sun, 16 Jun 2024 14:51:07 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
12 MB (11849808 bytes)
Hash
2646fd5cdb2fdfc9a814315cf09f0477
529622ee78a7bcb3f5548a86a0f933b41ad42332
4a42df973bf9e0694268993478f03a71dafbf2ddbcb1512835b4bbabdc6dc6de

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/64

HTTP Headers

GET /releases/release_0.9/OpenRGB_0.9_Windows_64_b5f46e3.zip HTTP/1.1
Host: openrgb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=600
content-type: application/zip
etag: "486cba5fc8f564553197eece7b6a33a1aab3cdeb01b8610198c82d3453e99cf7"
expires: Sat, 20 Apr 2024 13:12:55 UTC
last-modified: Mon, 01 Apr 2024 23:02:11 GMT
permissions-policy: interest-cohort=()
vary: Origin
content-length: 11849808
date: Sat, 20 Apr 2024 13:02:55 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers