Report Overview
Visitedpublic
2025-02-01 18:22:46
Tags
Submit Tags
URL
github.com/kkkgo/KMS_VL_ALL/archive/refs/heads/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
github.com | 1423 | 2007-10-09 | 2016-07-13 | 2025-01-29 | 523 B | 3.9 kB | 140.82.121.4 | |
codeload.github.com 2 alert(s) on this Host | 62359 | 2007-10-09 | 2013-04-18 | 2025-01-29 | 526 B | 180 kB | 140.82.121.10 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
codeload.github.com/kkkgo/KMS_VL_ALL/zip/refs/heads/master
IP / ASN
140.82.121.10
File Overview
File TypeZip archive data, at least v1.0 to extract, compression method=store
Size180 kB (179845 bytes)
MD58a848b909d3c248599a1c7ff87e218f9
SHA125ab3cfee6ede8b191773e23c50b63098eedd0ac
Archive (19)
| Filename | MD5 | File type |
|---|---|---|
| A64.dll | 698d2d01011110b0ba4aab62f92b9909 | PE32+ executable (DLL) (native) Aarch64, for MS Windows, 4 sections |
| SvcTrigger.xml | ade0007995da8218a924eae18dd5ffa4 | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators |
| cleanosppx64.exe | 162ab955cb2f002a73c1530aa796477f | PE32+ executable (console) x86-64, for MS Windows, 5 sections |
| cleanosppx86.exe | 5fd363d52d04ac200cd24f3bcc903200 | PE32 executable (console) Intel 80386, for MS Windows, 3 sections |
| x64.dll | 2914300a6e0cdf7ed242505958ac0bb5 | PE32+ executable (DLL) (native) x86-64, for MS Windows, 4 sections |
| x86.dll | 2a2bbc30d8e715c3c29e728989498469 | PE32 executable (DLL) (native) Intel 80386, for MS Windows, 4 sections |
| setupcomplete.cmd | 65bc53900c0b960220a5af59b3ab9eb6 | ASCII text |
| Activate.cmd | 27dbbeda34fa7260a3dc9f6fd1398fdd | ASCII text |
| AutoRenewal-Setup.cmd | b9590b32f11fa467938518bad08b66f0 | ASCII text |
| Check-Activation-Status-vbs.cmd | 48af8f351df5b7a7a341a4c1e0f0270a | ASCII text |
| Check-Activation-Status-wmic.cmd | d2e352bab312e0adf78b32678ba5d3d0 | ASCII text, with very long lines (361) |
| README.md | b62afe023b7da83362b66405b866a937 | Unicode text, UTF-8 text |
| ReadMe.html | 56b89b9bdca3b00ffc5886477ce6f0dc | HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (596) |
| A64.dll | 698d2d01011110b0ba4aab62f92b9909 | PE32+ executable (DLL) (native) Aarch64, for MS Windows, 4 sections |
| SvcTrigger.xml | ade0007995da8218a924eae18dd5ffa4 | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators |
| cleanosppx64.exe | 162ab955cb2f002a73c1530aa796477f | PE32+ executable (console) x86-64, for MS Windows, 5 sections |
| cleanosppx86.exe | 5fd363d52d04ac200cd24f3bcc903200 | PE32 executable (console) Intel 80386, for MS Windows, 3 sections |
| x64.dll | 2914300a6e0cdf7ed242505958ac0bb5 | PE32+ executable (DLL) (native) x86-64, for MS Windows, 4 sections |
| x86.dll | 2a2bbc30d8e715c3c29e728989498469 | PE32 executable (DLL) (native) Intel 80386, for MS Windows, 4 sections |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| VirusTotal | malicious | |
| ClamAV | malicious | Win.Trojan.Generic-10036804-0 |
JavaScript (0)
No JavaScripts
HTTP Transactions (2)
| URL | IP | Response | Size |
|---|