Report - download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/

Report Overview

Visited public
2023-12-10 09:48:32
Tags
URL
download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/
Finishing URL
about:privatebrowsing
IP / ASN
45.60.47.233
#19551 INCAPSULA
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.peoplecert.org	unknown	2006-01-31	2014-10-07 13:29:45	2023-12-09 06:14:52	596 B	926 kB	45.60.47.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-10	medium	download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/	meth_get_eip

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/
IP
45.60.47.233
ASN
#19551 INCAPSULA

File type
PE32 executable (GUI) Intel 80386, for MS Windows - data
Size
924 kB (924469 bytes)
Hash
d546fa0b636fdb2078598ebf1e48c41c
84972f1617a8c7e35cec76c65233bbf529f4b26d
e2426f3459ee33672e8bcf95f5b333d3f236a4fdb63f644a8f6a8f2ffabce3a7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/70

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/

45.60.47.233

200 OK

924 kB

URL User Request GET HTTP/2
download.peoplecert.org/files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/
IP
45.60.47.233:443
ASN
#19551 INCAPSULA

Certificate
IssuerDigiCert Inc
Subject*.peoplecert.org
FingerprintF3:6A:8A:8E:F8:5A:80:6E:22:8F:96:C4:AA:3A:AF:78:6E:A7:58:E3
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 09 Aug 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows - data
Size
924 kB (924469 bytes)
Hash
d546fa0b636fdb2078598ebf1e48c41c
84972f1617a8c7e35cec76c65233bbf529f4b26d
e2426f3459ee33672e8bcf95f5b333d3f236a4fdb63f644a8f6a8f2ffabce3a7

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/70

HTTP Headers

GET /files/examshieldlauncher.exe?id=anonymous&ticks=1647274825234currentcategorization:educationlasttimerated/ HTTP/1.1
Host: download.peoplecert.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-length: 924469
content-type: application/octet-stream
content-encoding: gzip
expires: Tue, 1 Jan 1980 00:00:00 GMT
last-modified: Sun, 10 Dec 2023 09:04:04 GMT
accept-ranges: bytes
etag: "tGST0BWvYj+gd5IrIWnE9w=="
server-timing: intid;desc=30e028970907be3f
content-disposition: attachment; filename="examshieldlauncher.exe"
date: Sun, 10 Dec 2023 09:46:24 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-frame-options: SAMEORIGIN
set-cookie: ASP.NET_SessionId=2qmp2vsvmgspbsj5abhwhn42; path=/; secure; HttpOnly; SameSite=Lax
downck=50e6c337-bbff-44d6-b04e-124f51f82e1f; path=/
visid_incap_1974829=InMVxRcpQW6kQ3AnV/wQ5e+IdWUAAAAAQUIPAAAAAADNNKZ9DkzXzRXXARn3Kb4Q; expires=Sun, 08 Dec 2024 22:41:35 GMT; HttpOnly; path=/; Domain=.peoplecert.org; Secure; SameSite=None
nlbi_1974829=v/bYbNZ4uXex8QEiscj7uQAAAABNey7RGuNekXd5VqopmlVC; path=/; Domain=.peoplecert.org; Secure; SameSite=None
incap_ses_7236_1974829=gnQpL+b1i3Qe3Syvf3BrZPCIdWUAAAAAWiEe7WtkXw2baEIvhucz8w==; path=/; Domain=.peoplecert.org; Secure; SameSite=None
x-incap-sess-cookie-hdr: RB2WPIPJAGoe3Syvf3BrZPCIdWUAAAAAFB6oUvCJUsA/399i3d76Tw==
x-cdn: Imperva
x-iinfo: 9-293856-293858 NNNN CT(33 36 0) RT(1702201583910 17) q(0 0 0 0) r(1 3) U2
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers