Report - www.sidiary.org/download/driver/ZeroClickDriverLinus.zip

Report Overview

Submitted URL
www.sidiary.org/download/driver/ZeroClickDriverLinus.zip
IP
52.169.206.2
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-07 22:19:19
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
status.geotrust.com	3662	1999-04-04	2017-12-01	2024-05-06	662 B	1.5 kB	192.229.221.95
www.sidiary.org	unknown	2004-01-05	2012-07-22	2021-01-25	1.1 kB	2.2 MB	52.169.206.2
diabetes.sinovo.net	unknown	2002-06-06	2012-12-19	2021-01-25	588 B	608 B	52.169.206.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip
IP
52.169.206.2
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.2 MB (2151420 bytes)
Hash
e3ce5adeeb3c9cd16c2d38755c72c3d8
48545392c886e4e265dd5c07c401e1efbffee8e2
4e3a6c72efe57815d0db5f6005d05f26d66cccb76eee3ea5c7d6c88b06a8a2b7

Archive (31)

Filename

Md5

File type

autorun.inf

11baa39034abc3996ef8ff9d1b092d11

Microsoft Windows Autorun file

driver.ico

ab0b08fc093b0e66fb83f8352fad1f4e

MS Windows icon resource - 12 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel

setup.exe

7efea1a39e379ceaa8837d4fcdf30dc2

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

setup.ini

1a519e3b9a939b8ff742ad88fa1e13ed

ASCII text, with CRLF line terminators

slabbus.sys

00746035c28e913fb14bc0c94205c863

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

slabcm95.sys

bac2cbc67921eb448cea64a2a15ed4e4

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

slabcmnt.sys

fb3375a448011f0d1c83d662fabe0981

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

slabcomm.vxd

e1edba5ac20055047092f753b77b5c36

MS-DOS executable, LE executable for MS Windows (VxD)

slabcr.sys

56b42c306b2ba9bdee0c22264fd6119d

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

slabser.sys

c471a21df9a26deb2ff5e8eccb4db622

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

slabvcd.vxd

94f25c4fdee65de608a1704d6846f81b

MS-DOS executable, LE executable for MS Windows (VxD)

slabvcr.vxd

2c91fc55a0d4b3d77842240b50514c25

MS-DOS executable, LE executable for MS Windows (VxD)

slabvxd.inf

4ded6613de538f75ee41050aad488a47

Windows setup INFormation

slabwh95.sys

72a4a69170026bbaac104bdcdd923b06

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

slabwhnt.sys

69b7b6fbff4f453dbfa181335979424b

PE32 executable (native) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

zclkbus.inf

020b3c17f1b29a2e0a5060ec3e259490

Windows setup INFormation

zclkun.exe

bccd37332c31e8461ac1138879c3c005

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

zclkun.u2k

2e5a42490f1d35699f70fd5b4fe6abf6

ASCII text, with CRLF line terminators

zclkun.u98

cab61864a9a7035cb5c3dfd1fbbd6c81

ASCII text, with CRLF line terminators

zclkun2k.exe

44c6dc2b49f766fee3fa8f9f2598c734

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

zclkw2k.inf

686de481afdac706ac78731d8c71e393

Windows setup INFormation

zclkwdm.inf

79769732249f90a07ce409465c0aa889

Windows setup INFormation

CP210xVCPInstaller_x64.exe

b3766c35b387ae1a624fc5e83a01e224

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

dpinst.xml

866cdf5731f9b642ab907bea0db6eec0

XML 1.0 document, ASCII text, with CRLF line terminators

ReleaseNotes.txt

f201653f04bcfc82d33e1e8600a15d31

ASCII text, with CRLF line terminators

Silabs_License_Agreement.txt

5e871e45a92887d87d045b6377710e5f

ASCII text, with very long lines (957), with CRLF line terminators

slabvcp.inf

5a54aac592d2a63c9e720cf6f432f146

Windows setup INFormation

silabenm.sys

7799106fee728b907a86d9c9751e02d5

PE32+ executable (native) x86-64, for MS Windows, 8 sections

silabser.sys

db394fdaa383d05538c02a7299eb0ff9

PE32+ executable (native) x86-64, for MS Windows, 10 sections

WdfCoInstaller01009.dll

4da5da193e0e4f86f6f8fd43ef25329a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

Readme_64Bit.txt

7ed33d5b145ba3e91b0730c9482b27f7

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (5)

	URL	IP	Response	Size
	status.geotrust.com/	192.229.221.95		471 B
URL status.geotrust.com/ IP 192.229.221.95:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash 0e0f806bd7c997154f3ab3de6b61f106 6d6a146ca1d2d5d9bf6edf995b10839eb6153fcc 1f065d1d38282fc5f01b76b3e6cbd2f0e6171e2a5af2eea2553fdbbc795294dc HTTP Headers `POST / HTTP/1.1 Host: status.geotrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 3 Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Tue, 07 May 2024 22:18:53 GMT Last-Modified: Tue, 07 May 2024 22:18:50 GMT Server: ECAcc (ska/F775) X-Cache: HIT Content-Length: 471`

	www.sidiary.org/download/driver/ZeroClickDriverLinus.zip	52.169.206.2	302 Object moved	271 B
URL User Request GET HTTP/1.1 www.sidiary.org/download/driver/ZeroClickDriverLinus.zip IP 52.169.206.2:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerDigiCert Inc Subjectsidiary.org Fingerprint44:98:77:34:FE:AD:BA:26:A4:90:FF:44:97:CE:2F:E5:D9:21:D8:A8 ValidityMon, 06 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT File type HTML document, ASCII text Size 271 B (271 bytes) Hash 90651db1f7f89471b23702dc6ec1499b 64fe04149df8d597452f4b6ab8476fd29bb9ae98 751568076e0c8a6d07a98fff819f6a6a32ab60c30ad49303f5983cd42c71ed76 HTTP Headers `GET /download/driver/ZeroClickDriverLinus.zip HTTP/1.1 Host: www.sidiary.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 Object moved Cache-Control: private Content-Type: text/html Location: https://diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip&dk=driver/ZeroClickDriverLinus.zip&r= Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDAGSTAAQD=KHDOMOABHEFECAICHPABJLHA; secure; path=/ X-Powered-By: Hello World X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin X-Xss-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Tue, 07 May 2024 22:18:52 GMT Content-Length: 271

	status.geotrust.com/	192.229.221.95		471 B
URL status.geotrust.com/ IP 192.229.221.95:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash 83f6571a802a4e570d84dfc09242bdaa 9d1f703fe153824bf4c01fa0b43eb2ef7216479d 147b4d8a62a59814ed574a716f56b541f77aca12eb132002a5f3234b949202ce HTTP Headers `POST / HTTP/1.1 Host: status.geotrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 2 Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Tue, 07 May 2024 22:18:53 GMT Last-Modified: Tue, 07 May 2024 22:18:51 GMT Server: ECAcc (ska/F756) X-Cache: HIT Content-Length: 471`

	diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip&dk=driver/ZeroClickDriverLinus.zip&r=	52.169.206.2	302 Found	182 B
URL User Request GET HTTP/1.1 diabetes.sinovo.net/dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip&dk=driver/ZeroClickDriverLinus.zip&r= IP 52.169.206.2:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerDigiCert Inc Subjectsinovo.net FingerprintE1:C2:BB:68:0C:00:13:C4:10:52:BA:74:50:80:49:63:1B:06:C4:DE ValidityMon, 13 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT File type HTML document, ASCII text, with CRLF line terminators Size 182 B (182 bytes) Hash 1cfb93fa44780500088ca3f1a4b7f2e5 483be5871895b9f5e9d6134c44f2468998259433 57139c62e1e3b061d076a90976f95ab59325f7c7be83a6b4db5f0b1a035b354c HTTP Headers GET /dlc.aspx?s=https://www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip&dk=driver/ZeroClickDriverLinus.zip&r= HTTP/1.1 Host: diabetes.sinovo.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip Server: Microsoft-IIS/8.5 X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin X-Xss-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Tue, 07 May 2024 22:18:52 GMT Content-Length: 182`

	www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip	52.169.206.2	200 OK	2.2 MB
URL User Request GET HTTP/1.1 www.sidiary.org/DownloadM/driver/ZeroClickDriverLinus.zip IP 52.169.206.2:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerDigiCert Inc Subjectsidiary.org Fingerprint44:98:77:34:FE:AD:BA:26:A4:90:FF:44:97:CE:2F:E5:D9:21:D8:A8 ValidityMon, 06 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 2.2 MB (2151420 bytes) Hash e3ce5adeeb3c9cd16c2d38755c72c3d8 48545392c886e4e265dd5c07c401e1efbffee8e2 4e3a6c72efe57815d0db5f6005d05f26d66cccb76eee3ea5c7d6c88b06a8a2b7 HTTP Headers GET /DownloadM/driver/ZeroClickDriverLinus.zip HTTP/1.1 Host: www.sidiary.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: ASPSESSIONIDAGSTAAQD=KHDOMOABHEFECAICHPABJLHA Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Last-Modified: Thu, 15 Nov 2012 10:16:19 GMT Accept-Ranges: bytes ETag: "405c30411ac3cd1:0" Server: Microsoft-IIS/8.5 X-Powered-By: Hello World X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin X-Xss-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Tue, 07 May 2024 22:18:52 GMT Content-Length: 2151420`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (31)

Detections

JavaScript (0)

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers