Report - 7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not

Report Overview

Submitted URL
7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z
IP
46.4.85.206
ASN
#24940 Hetzner Online GmbH
Submitted
2024-04-25 20:50:28
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
7g.sharemods.com	unknown	2013-01-31	2018-05-04	2022-12-07	559 B	5.7 MB	46.4.85.206

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z
IP
46.4.85.206
ASN
#24940 Hetzner Online GmbH

File type
7-zip archive data, version 0.4
Size
5.7 MB (5714075 bytes)
Hash
6e318938dab5ad8ae7975fcad7b41e54
6690ce4f569d8db2a332339a3b9cbe57e5f6993f
f7d980de018f5cdee348f0aa1dda3ba5894ca799c6197f7eb4ec02ffde5ae968

Archive (10)

Filename

Md5

File type

SpecOpsTheLine.exe

bcb271c1fbfdbec8742971f4acd5c880

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

language.changer.exe

8bc4d77f066a15f339dce6cd7fcbee37

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

language.changer.ini

ea8f8e55cf6d722c26b0af87ab7f58d4

Generic INItialization configuration [x86]

bassmod.dll

e4ec57e8508c5c4040383ebe6d367928

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

header.jpg

aa927bba55f4ebe94c5bbdfa338fe269

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 460x215, components 3

languages.conf

ded4e7cddeeafb4d9cc9b8d63d1eb64c

ASCII text, with CRLF line terminators

steam_api.cdx

b7f3385125b78eb33877cc76db01a00f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

steam_api.dll

e9ecb1d50df1e8b2fe379d52b9d6ba92

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 3 sections

steam_emu.ini

f2963c2ec9fa0e728df52196abe8bc4d

ISO-8859 text, with CRLF line terminators

steam_emu_t

89e2705686b225edd15ef499f4af8277

ISO-8859 text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z	46.4.85.206	200 OK	5.7 MB
URL User Request GET HTTP/1.1 7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z IP 46.4.85.206:443 ASN #24940 Hetzner Online GmbH Certificate IssuerSectigo Limited Subject.sharemods.com FingerprintEF:09:52:DE:C2:15:9F:BC:95:0E:6E:29:0B:32:73:D2:E7:7E:1C:6E ValidityWed, 04 Oct 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT File type 7-zip archive data, version 0.4 Size 5.7 MB (5714075 bytes) Hash 6e318938dab5ad8ae7975fcad7b41e54 6690ce4f569d8db2a332339a3b9cbe57e5f6993f f7d980de018f5cdee348f0aa1dda3ba5894ca799c6197f7eb4ec02ffde5ae968 HTTP Headers GET /cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z HTTP/1.1 Host: 7g.sharemods.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 20:49:58 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40 Access-Control-Allow-Origin: Content-Disposition: attachment Content-Transfer-Encoding: binary Content-length: 5714075 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream`

7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z

46.4.85.206

200 OK

5.7 MB

URL User Request GET HTTP/1.1
7g.sharemods.com/cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z
IP
46.4.85.206:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerSectigo Limited
Subject*.sharemods.com
FingerprintEF:09:52:DE:C2:15:9F:BC:95:0E:6E:29:0B:32:73:D2:E7:7E:1C:6E
ValidityWed, 04 Oct 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT

File type
7-zip archive data, version 0.4
Size
5.7 MB (5714075 bytes)
Hash
6e318938dab5ad8ae7975fcad7b41e54
6690ce4f569d8db2a332339a3b9cbe57e5f6993f
f7d980de018f5cdee348f0aa1dda3ba5894ca799c6197f7eb4ec02ffde5ae968

HTTP Headers

GET /cgi-bin/dl.cgi/heuursz3wynbwelshv5k2l5fan6hypnpm45rbmln4plfi4m6hp3ptma/Fix_Not_Launch.7z HTTP/1.1
Host: 7g.sharemods.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:49:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
Access-Control-Allow-Origin: *
Content-Disposition: attachment
Content-Transfer-Encoding: binary
Content-length: 5714075
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers