Report - qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe

Report Overview

Visited public
2025-01-26 06:16:55
Tags
URL
qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe
Finishing URL
about:privatebrowsing
IP / ASN
183.60.150.16
#4134 Chinanet
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qiliu.shenzaokeji.com	unknown	2016-08-23	2023-03-13	2023-03-13	433 B	19 MB	180.97.188.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-26 06:16:29	medium	180.97.188.19	Client IP	ET INFO TLS Handshake Failure
2025-01-26 06:16:30	medium	110.40.32.156	Client IP	ET INFO TLS Handshake Failure
2025-01-26 06:16:30	medium	180.97.188.19	Client IP	ET INFO TLS Handshake Failure
2025-01-26 06:16:31	high	180.97.188.19	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2025-01-26 06:16:31	low	180.97.188.19	Client IP	ET INFO EXE - Served Inline HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-26	medium	qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe	Detect pe file that no import table

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe
IP
180.97.188.19
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
19 MB (19008155 bytes)
Hash
0e46b7817338a276a15d9fc0b2f853c9
24443a584e321fe795c4c58f62f03ae4f7ff0e52
470cd7659af05ae0469701bcf96c748227ed6a8c38a79a676b0662330b175aaa

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
ClamAV	malicious	Win.Dropper.Detected-10010321-0

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe

180.97.188.19

200 OK

19 MB

URL User Request GET HTTP/1.1
qiliu.shenzaokeji.com/player/windows/SZPlayer%2024.12.531.0.exe
IP
180.97.188.19:80
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
19 MB (19008155 bytes)
Hash
0e46b7817338a276a15d9fc0b2f853c9
24443a584e321fe795c4c58f62f03ae4f7ff0e52
470cd7659af05ae0469701bcf96c748227ed6a8c38a79a676b0662330b175aaa

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
ClamAV	malicious	Win.Dropper.Detected-10010321-0

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	low	ET INFO EXE - Served Inline HTTP

HTTP Headers

GET /player/windows/SZPlayer%2024.12.531.0.exe HTTP/1.1
Host: qiliu.shenzaokeji.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 26 Jan 2025 06:16:31 GMT
Content-Type: application/x-msdownload
Content-Length: 49174264
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Age: 2607961
Cache-Control: public, max-age=99999999
Content-Disposition: inline; filename="SZPlayer 24.12.531.0.exe"; filename*=utf-8''SZPlayer%2024.12.531.0.exe
Content-Md5: arGg/uq3NfCAj+JGXyYytQ==
Content-Transfer-Encoding: binary
Etag: "lpdsQk8q_wf7OgpEjZ_70xIz_ZnC"
Last-Modified: Fri, 27 Dec 2024 01:48:28 GMT
X-Log: X-Log
X-M-Log: QNM:yzh394;QNM3
X-M-Reqid: mpq5z0YjS
X-Qiniu-Zone: 2
X-Qnm-Cache: Hit
X-Reqid: eQsAAACd3rif5RQY
X-Svr: IO

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers