Report - yxdt.game.keniub.com/newchrome/moduledll.zip

Report Overview

Submitted URL
yxdt.game.keniub.com/newchrome/moduledll.zip
IP
104.192.108.20
ASN
#55992 Beijing Qihu Technology Company Limited
Submitted
2024-07-27 02:21:34
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06	2024-07-26	2.0 kB	5.3 kB	23.36.76.226
yxdt.game.keniub.com	271081	2010-06-02	2015-01-08	2023-06-08	498 B	7.6 MB	104.192.108.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
yxdt.game.keniub.com/newchrome/moduledll.zip
IP
104.192.108.20
ASN
#55992 Beijing Qihu Technology Company Limited

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.6 MB (7624109 bytes)
Hash
419d78de82c71c1f211d7a80dd4118ca
d5aacc7bbc0e0a1d8ff8e425a9d7dd93bf52ec3b
72191a0ca2904c23ecc68d08d964cb0fe9902b3370c1faa838569ad52725b019

Archive (24)

Filename

Md5

File type

360Base.dll

2f9fe542b5f9812d1d4dc56736bf903b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

360Base64.dll

c9c185959497d52f5de54dc8d12b1df4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

360NetUL.dll

cd03029957ebc78c0ca7a6c02a9ca846

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

360P2SP.dll

d47bb1ada6dcd905a47875af0ed5294e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

360net.dll

67102ccd7809e2f0618110ef6f91d339

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LiveUpd360.dll

9ab71c60f691691686fa2cf68f2bd7aa

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

PDown.dll

7519d09cbf88ce690d3a6a11187d6e2f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

oauthlogin.exe

8c742e6ffc84ad9a2258aabbd9dbda8a

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

safelive.dll

6b4c1a58dbb9a25578d89521d5d28fce

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

360GameKM.dll

e9a7a7536b181cf7e000e279004e1549

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

GameHallAutoRunExt.dll

b2cb93bf5781ca495b66d43902f6a376

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

InstallGame.exe

de13795c2bada01419e2c607b5070457

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

MiniThunderPlatform.exe

0c8f2b0ee5bf990c6541025e94985c9f

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

XLBugHandler.dll

92154e720998acb6fa0f7bad63309470

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

XLBugReport.exe

67c767470d0893c4a2e46be84c9afcbb

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

atl71.dll

79cb6457c81ada9eb7f2087ce799aaa7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

dl_peer_id.dll

dba9a19752b52943a0850a7e19ac600a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

download_engine.dll

1a87ff238df9ea26e76b56f34e18402c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

id.dat

8aa490136347561e8cdc00b3bea71591

ASCII text, with CRLF line terminators

minizip.dll

7fd4f79aca0b09fd3a60841a47ca96e7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcp71.dll

a94dc60a90efd7a35c36d971e3ee7470

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr71.dll

ca2f560921b7b8be1cf555a5a18d54c3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

zlib1.dll

89f6488524eaa3e5a66c5f34f3b92405

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

xldl.dll

40e8d381da7c2badc4b6f0cdb4b5378f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 5/61

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
577f20b1ad1240dc12215f4d93e53b8f
4fb6d79b9c4adb8f712073e9662ceae41a4f097c
523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0"
Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6267
Expires: Sat, 27 Jul 2024 04:05:31 GMT
Date: Sat, 27 Jul 2024 02:21:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
559312780d7c69aabb31f612abe74b95
0d0356dc28789b5b2b0164783f2c79b6b7b82f6a
20293009653baaf415bde5c2223feb0a6562281a1dfbcc6af42d844341da6d26

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20293009653BAAF415BDE5C2223FEB0A6562281A1DFBCC6AF42D844341DA6D26"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15963
Expires: Sat, 27 Jul 2024 06:47:07 GMT
Date: Sat, 27 Jul 2024 02:21:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8f4e7b75de1ed909fa79bbcdafccceac
274c1ea75520a0ea06e19a7e692c034baae2cdc1
62cc974e51b62480f576b53853f8f24bfc873687c02bc23c1713956d4b96c0b1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62CC974E51B62480F576B53853F8F24BFC873687C02BC23C1713956D4B96C0B1"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sat, 27 Jul 2024 04:12:25 GMT
Date: Sat, 27 Jul 2024 02:21:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b1e4e1a92df74669a74711c4eaef2acc
a26f28116849cc857a0e31e3495f659e0cd36ac4
77f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD"
Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Sat, 27 Jul 2024 08:20:45 GMT
Date: Sat, 27 Jul 2024 02:21:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
91392416ed946eb8b26810ff46d7e57e
8ce21a441df1ac09da4ebf098eaf47e2d74bbff0
5d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6699
Expires: Sat, 27 Jul 2024 04:12:45 GMT
Date: Sat, 27 Jul 2024 02:21:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
91392416ed946eb8b26810ff46d7e57e
8ce21a441df1ac09da4ebf098eaf47e2d74bbff0
5d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6699
Expires: Sat, 27 Jul 2024 04:12:45 GMT
Date: Sat, 27 Jul 2024 02:21:06 GMT
Connection: keep-alive

yxdt.game.keniub.com/newchrome/moduledll.zip

104.192.108.20

200 OK

7.6 MB

URL User Request GET HTTP/1.1
yxdt.game.keniub.com/newchrome/moduledll.zip
IP
104.192.108.20:443
ASN
#55992 Beijing Qihu Technology Company Limited

Certificate
IssuerWoTrus CA Limited
Subject*.dl.keniub.com
FingerprintC5:D9:22:70:7B:0D:FE:6A:29:F0:BF:39:EE:B2:29:0F:23:A1:71:86
ValidityWed, 18 Oct 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
7.6 MB (7624109 bytes)
Hash
419d78de82c71c1f211d7a80dd4118ca
d5aacc7bbc0e0a1d8ff8e425a9d7dd93bf52ec3b
72191a0ca2904c23ecc68d08d964cb0fe9902b3370c1faa838569ad52725b019

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/61

HTTP Headers

GET /newchrome/moduledll.zip HTTP/1.1
Host: yxdt.game.keniub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 02:21:05 GMT
Content-Type: application/zip
Content-Length: 7624109
Connection: keep-alive
Expires: Sat, 27 Jul 2024 02:31:05 GMT
Last-Modified: Thu, 27 Jun 2024 09:51:03 GMT
Cache-Control: s-maxage=600, max-age=600
KCS-Via: HIT from w-f04.lato;MISS from back-f04.dl.lato;REVALIDATED from w-subsrc01.lato
K-Cache-status: MISS
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP