Report - www.gx.qiken.cn/gengxin/APlayer.rar

Report Overview

Submitted URL
www.gx.qiken.cn/gengxin/APlayer.rar
IP
27.25.152.241
ASN
#148981 China Telecom
Submitted
2024-05-10 12:59:28
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
8
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gx.qiken.cn	unknown	unknown	No data	No data	405 B	17 MB	27.25.152.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 12:58:56	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:56	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:56	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:56	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:57	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:57	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:57	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure
2024-05-10 12:58:57	medium	27.25.152.241	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.gx.qiken.cn/gengxin/APlayer.rar
IP
27.25.152.241
ASN
#148981 China Telecom

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16759720 bytes)
Hash
c668b6732268676576a93971195bd22c
07bf97bc110ed3cf998b17f1bfe164b739e2b45a
0d1d1cf946d855a7ee97ac3248119bf1a4ecf4e5963d40e6b3812c9c0dd2c37c

Archive (22)

Filename

Md5

File type

APlayer.dll

537b2a2a669a96b2d54006461a3e2356

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

APlayerCaller.dll

eef5d312e4a489fa2ab86e8ad419a718

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

atl71.dll

4edd8d74ea48f58d3eca7e9297f19221

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

audioswitcher.dll

c709ba29e8de168ebb70890f89c247d4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

coreaac.ax

b0ffac757be8d6cc41e1131eb2b0d959

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

d3dx9_43.dll

86e39e9161c3d930d93822f1563c280d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

evrcp.dll

59f3a84d17bc659e49227c7859c30c32

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

avcodec-58.dll

a2ab4e7698f325fdbac17b6b4ed5ea4b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

avfilter-7.dll

fae3602ec5c72728c4ea4e98539b33dc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

avformat-58.dll

dc11dbb62a2b78138a7f39b597fe149b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

avresample-4.dll

d4320675446737fe869b7cdb3c3d88bc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

avutil-56.dll

8ee2cd316068e4e073e9c805436fd79b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

lavaudio.dll

b2bb831f9e383b8c8fd534f606e2ad5c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lavfilters.dependencies.manifest

453b600fbb836024a890086790617167

XML 1.0 document, ASCII text, with CRLF line terminators

lavsplitter.dll

a1ec4de05f3e949c47392a7db77b3e2b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

lavvideo.dll

e674bebd563fe5f5a996435e6ddeb4bd

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

swresample-3.dll

28529252d11a2508562df5391b7e9212

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

swscale-5.dll

3b8b1d3b867a2ba60697353394a27939

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

mp4splitter.dll

3c391b592636040c78ea5f7bbc72f832

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcr120.dll

034ccadc1c073e4216e9466b720f9849

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

vsfilter.dll

bc2a8ccf60cfac72daf983fc6d27c3df

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ffmpeg.exe

7ec5124af95b5d4b90bf72cc65d53aa1

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_stackstrings
Elastic Security YARA Rules	malware	Linux.Trojan.Rekoobe
VirusTotal	suspicious	VirusTotal - Scan result 2/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.gx.qiken.cn/gengxin/APlayer.rar

27.25.152.241

200 OK

17 MB

URL User Request GET HTTP/1.1
www.gx.qiken.cn/gengxin/APlayer.rar
IP
27.25.152.241:80
ASN
#148981 China Telecom

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16759720 bytes)
Hash
c668b6732268676576a93971195bd22c
07bf97bc110ed3cf998b17f1bfe164b739e2b45a
0d1d1cf946d855a7ee97ac3248119bf1a4ecf4e5963d40e6b3812c9c0dd2c37c

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/64

HTTP Headers

GET /gengxin/APlayer.rar HTTP/1.1
Host: www.gx.qiken.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: marco/2.20
Date: Fri, 10 May 2024 12:58:57 GMT
Content-Type: application/x-rar-compressed
Content-Length: 16759720
Connection: keep-alive
X-Request-Id: b1bfc7a0119a6f70a9ac2d37e663497e; 66446203d49ce27da4a9f87636a6d869
X-Source: U/304
X-Upyun-Content-Length: 16759720
ETag: "c668b6732268676576a93971195bd22c"
Last-Modified: Sun, 21 Apr 2024 03:35:11 GMT
X-Upyun-Content-Type: application/x-rar-compressed
X-Slice-Complete-Length: 16759720
X-Slice-ETag: c668b6732268676576a93971195bd22c
X-Slice-Size: 1048576
Expires: Fri, 17 May 2024 10:47:12 GMT
Cache-Control: max-age=691200
Accept-Ranges: bytes
Age: 94305
Via: T.213.H, V.mix-hz-fdi1-217, T.50.H, M.ctn-hb-wds-009

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers