Report Overview
Visited: 2025-05-12 20:29:24 (public)
URL: sk-data.special-k.info/redist/WinRing0_32.7z
Finishing URL: about:privatebrowsing
IP / ASN: 104.18.42.227, #13335 CLOUDFLARENET
Title: about:privatebrowsing

Detections

urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 0

Host Summary

Host | Rank | Registered | First Seen | Last Seen
sk-data.special-k.info | unknown | 2020-07-28 | 2020-08-03 | 2025-05-09

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


File detected

URL: sk-data.special-k.info/redist/WinRing0_32.7z
IP / ASN: 172.64.145.29, #13335 CLOUDFLARENET

File Overview

File Type: 7-zip archive data, version 0.4
Size: 33 kB (33430 bytes)
MD5: f7d441d534b37441b08bdd1a6c4642b5
SHA1: 94921471ec82ad1222a2524030b8f6c00b8844ee

Archive (4)

Filename | MD5 | File type
WinRing0.dll | ee9de580406199f0f6789e90c68e2fc5 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
WinRing0.sys | 845af1ba23c8d5e64def61bcc441604c | PE32 executable (native) Intel 80386, for MS Windows, 6 sections
WinRing0x64.dll | 168625537e17442935de4ab929f4e7e3 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
WinRing0x64.sys | 0c0195c48b6b8582fa6f6373032118da | PE32+ executable (native) x86-64, for MS Windows, 6 sections

Detections

Analyzer | Verdict | Alert
Public Nextron YARA rules | malware | Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity
Public Nextron YARA rules | malware | Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys
YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity
VirusTotal | suspicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size