{"report_id":"ab2d2e63-6efc-4597-8d82-a09195a9f553","version":6,"status":"done","tags":[],"date":"2025-05-14T09:08:22Z","url":{"schema":"http","addr":"download.gzlanrui.com.cn/update/last/lanruizip.exe","fqdn":"download.gzlanrui.com.cn","domain":"gzlanrui.com.cn","tld":"com.cn"},"ip":{"addr":"58.218.215.106","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-23T09:08:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"download.gzlanrui.com.cn","ip":{"addr":"58.218.215.106","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2014-10-21","domain_rank":0,"first_seen":"2017-01-30T09:00:22Z","last_seen":"2025-05-09T20:57:20.154443Z","alert_count":1,"request_count":1,"received_data":33145802,"sent_data":518,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"e75d57b962c2d08a2162d7cab0e95fdc","sha1":"69ff9fcbf1598cccc6c2300837eb0f3373ec69ed","sha256":"60a7572ab895283cbec5921072dbeabacd59594b9712dc86221245d223777e54","sha512":"c4677d20a393da710b77a1a305abc8a0b8225ac658ed798fa6f5b17ee38ec3c09316a150aedb7a53ccd04e1c1738617f3feec9fea285d06b99cbb62a7471f8f5","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":33145000,"url":{"schema":"https","addr":"download.gzlanrui.com.cn/update/last/lanruizip.exe","fqdn":"download.gzlanrui.com.cn","domain":"gzlanrui.com.cn","tld":"com.cn"},"ip":{"addr":"58.218.215.106","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-14","alert":"Detect pe file that no import table","trigger":"download.gzlanrui.com.cn/update/last/lanruizip.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e75d57b962c2d08a2162d7cab0e95fdc","sha1":"69ff9fcbf1598cccc6c2300837eb0f3373ec69ed","sha256":"60a7572ab895283cbec5921072dbeabacd59594b9712dc86221245d223777e54","sha512":"c4677d20a393da710b77a1a305abc8a0b8225ac658ed798fa6f5b17ee38ec3c09316a150aedb7a53ccd04e1c1738617f3feec9fea285d06b99cbb62a7471f8f5","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":33145000,"url":{"schema":"https","addr":"download.gzlanrui.com.cn/update/last/lanruizip.exe","fqdn":"download.gzlanrui.com.cn","domain":"gzlanrui.com.cn","tld":"com.cn"},"ip":{"addr":"58.218.215.106","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-14","alert":"Detect pe file that no import table","trigger":"download.gzlanrui.com.cn/update/last/lanruizip.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-14","alert":"Detect pe file that no import table","trigger":"download.gzlanrui.com.cn/update/last/lanruizip.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"download.gzlanrui.com.cn/update/last/lanruizip.exe","fqdn":"download.gzlanrui.com.cn","domain":"gzlanrui.com.cn","tld":"com.cn"},"ip":{"addr":"58.218.215.106","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-14T09:07:50.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gzlanrui.com.cn","organization":""},"issuer":{"commonName":"KeepTrust DV TLS RSA CA G2","organization":"Shanghai Huandu Info Tech Co. Ltd."},"validity":{"start":"Sat, 16 Nov 2024 03:42:06 GMT","end":"Tue, 16 Dec 2025 15:59:59 GMT"},"fingerprint":{"sha1":"05:43:E1:F4:CA:CD:14:E6:0D:17:46:E4:B9:9B:64:48:0A:0B:5F:13","sha256":"06:C4:D2:84:28:9E:13:C3:31:73:25:E7:12:A7:04:7D:CE:64:A4:07:5E:89:D2:85:BF:BA:31:A9:04:5C:F5:DF"}}},"request":{"raw":"GET /update/last/lanruizip.exe HTTP/1.1\r\nHost: download.gzlanrui.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/octet-stream\r\nContent-Length: 33145000\r\nConnection: keep-alive\r\nDate: Wed, 14 May 2025 08:38:45 GMT\r\nx-oss-request-id: 682456950747933536D017E0\r\nx-oss-cdn-auth: success\r\nAccept-Ranges: bytes\r\nx-oss-object-type: Multipart\r\nx-oss-storage-class: Standard\r\nx-oss-server-time: 118\r\nVia: cache52.l2cn3031[0,0,304-0,H], cache35.l2cn3031[1,0], kunlun3.cn192[0,0,200-0,H], kunlun2.cn192[1,0]\r\nETag: \"065001B25088CA7D6873420316FF8671-4\"\r\nLast-Modified: Wed, 23 Apr 2025 09:01:30 GMT\r\nx-oss-hash-crc64ecma: 15518794306572473228\r\nAge: 1747\r\nAli-Swift-Global-Savetime: 1747211925\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Wed, 14 May 2025 08:54:02 GMT\r\nX-Swift-CacheTime: 3600\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617472136727468910e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33145000,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","md5":"e75d57b962c2d08a2162d7cab0e95fdc","sha1":"69ff9fcbf1598cccc6c2300837eb0f3373ec69ed","sha256":"60a7572ab895283cbec5921072dbeabacd59594b9712dc86221245d223777e54","sha512":"c4677d20a393da710b77a1a305abc8a0b8225ac658ed798fa6f5b17ee38ec3c09316a150aedb7a53ccd04e1c1738617f3feec9fea285d06b99cbb62a7471f8f5","ssdeep":"","tlshash":"1401595b57969df2e90a007ad40347196361927597b0d24b1f85c43a1a17f5c1d4b980","first_seen":"2025-05-07T05:39:09.094437Z","last_seen":"2025-05-15T20:20:43.964134Z","times_seen":5,"resource_available":false,"data":null}},"time_used":28338,"timings":{"blocked":2014,"dns":811,"connect":239,"send":0,"wait":451,"receive":23858,"ssl":959},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-14","alert":"Detect pe file that no import table","trigger":"download.gzlanrui.com.cn/update/last/lanruizip.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}],"urlquery":null}}]}