Report - github.com/LordOfMice/hidusbf/raw/master/hidusbf.zip

Report Overview

Visited public
2025-03-13 22:58:10
Tags
URL
github.com/LordOfMice/hidusbf/raw/master/hidusbf.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2025-03-12	520 B	616 kB	140.82.121.3
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2025-03-12	531 B	613 kB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/LordOfMice/hidusbf/master/hidusbf.zip
IP
185.199.108.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
612 kB (611897 bytes)
Hash
91f9d7834431ccdb8640e6514413bb2e
99e180fabed3f805d4a09e3121dbb53d56883051
ea74eae4f4f074def0328ade4f2414c3090f34e35226d1fdec07dce90f2da7e3

Archive (34)

Filename

Md5

File type

hidusbf.sys

dac9a10c24b1770031c1f29934853422

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

c0c8bdfa88bfaf4552b1c50bedb2e20d

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

846d9a8de2927ab31c1a9de2892ea8b9

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

c0c8bdfa88bfaf4552b1c50bedb2e20d

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

52a628ecc5b5d74f3f9f03fe6fd49c30

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

dfe3aeea9e6c889698fe12f5308c810f

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

2122564c266a79e73fa73a44523783dc

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

40047c4bbd53b7383134e92175f24296

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

40047c4bbd53b7383134e92175f24296

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

2eaa8605c6f9f511bb28b16f3626c609

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

e20703c1c2a2aa94e6d5eeb48bab62fd

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

HIDUSBF.INF

8ead6929ca01c948532fc16cef6b8591

Windows setup INFormation

HIDUSBFU.INF

f7e4e141e16ce4af4879ebb7644f7992

Windows setup INFormation

sx64.exe

722c4801d445cb49477a6a60aff8e6e8

PE32+ executable (GUI) x86-64, for MS Windows, 4 sections

Setup.exe

d2c32637681ebc9f9dd1835100ce8ca5

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

1kHz.cmd

0e5dfcaaf161c50462df12b8372e87cb

ASCII text, with CRLF line terminators

2kHz-4kHz.cmd

cfa099c407dcc29c80df3cc485eb428a

ASCII text, with CRLF line terminators

4kHz-8kHz.cmd

296b74fb314827ae534c54be7134fe62

ASCII text, with CRLF line terminators

nopatch.cmd

805ac1cd9f18923f83da46466eafe0d9

ASCII text, with CRLF line terminators

README.ENG.TXT

d898178ca79e34c5913e32cc64fc6e65

ASCII text, with CRLF line terminators

README.RUS.TXT

89335e3983e82132c4418739f1e9a7ea

ISO-8859 text, with CRLF line terminators

README.2kHz-8kHz.ENG.TXT

2527b5bd37333e9f70f6bb0f720485a9

ASCII text, with CRLF line terminators

SweetLow.CER

e13a7c82031f70c1d5020507ea6c9895

Certificate, Version=3

HIDUSBF_AS.INF

c35a5bfaa74956c8027065c6f8682a2e

Windows setup INFormation

hidusbf.sys

80ccf44e3dba30d2cdfa47fa9668b582

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

80ccf44e3dba30d2cdfa47fa9668b582

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

5f878d35ed6ff5cad13e541452d48159

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

5d0ad375a58de44190aa2fdd9c928ffa

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

d181e1dbca3c62278e179147117ab07b

PE32+ executable (native) x86-64, for MS Windows, 5 sections

hidusbf.sys

7e63622e9796f7aa11b2a739e0f13b0e

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

7e63622e9796f7aa11b2a739e0f13b0e

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

c58d20961263080966233aad2708579a

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

f5e219df22c7a4e784a4e617bc29455b

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

hidusbf.sys

938b58c4a42ee7d7377f46fcb2524e43

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
VirusTotal	suspicious	VirusTotal - Scan result 3/66

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/LordOfMice/hidusbf/raw/master/hidusbf.zip

140.82.121.3

302 Found

612 kB

URL User Request GET
github.com/LordOfMice/hidusbf/raw/master/hidusbf.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
612 kB (611897 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /LordOfMice/hidusbf/raw/master/hidusbf.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Thu, 13 Mar 2025 22:57:48 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin: 
location: https://raw.githubusercontent.com/LordOfMice/hidusbf/master/hidusbf.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
x-github-request-id: C89A:A6643:4BD006C:4D89CB2:67D362EB
X-Firefox-Spdy: h2

raw.githubusercontent.com/LordOfMice/hidusbf/master/hidusbf.zip

185.199.108.133

200 OK

612 kB

URL User Request GET
raw.githubusercontent.com/LordOfMice/hidusbf/master/hidusbf.zip
IP
185.199.108.133:443
ASN
#54113 FASTLY

Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
612 kB (611897 bytes)
Hash
91f9d7834431ccdb8640e6514413bb2e
99e180fabed3f805d4a09e3121dbb53d56883051
ea74eae4f4f074def0328ade4f2414c3090f34e35226d1fdec07dce90f2da7e3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/66

HTTP Headers

GET /LordOfMice/hidusbf/master/hidusbf.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"4c5850621132f0234f37435ef155b4fd721501e2102990b812e6761d34730fd0"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 47DD:FC3B1:141B6F8:16BA071:67D362EC
accept-ranges: bytes
date: Thu, 13 Mar 2025 22:57:48 GMT
via: 1.1 varnish
x-served-by: cache-osl6538-OSL
x-cache: MISS
x-cache-hits: 0
x-timer: S1741906669.529115,VS0,VE204
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: ba152f6b6a53af30b0f53eaddcf10d9984a7759e
expires: Thu, 13 Mar 2025 23:02:48 GMT
source-age: 0
content-length: 611897
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (34)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers