Report - www.networktunnel.net/dwn/supersocks5cap.zip

Report Overview

Visitedpublic

2024-08-20 19:44:57

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.networktunnel.net	unknown	2009-05-03	2012-05-21 05:09:40	2024-03-18 02:58:10	414 B	5.1 MB	198.12.234.106
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-19 18:12:02	2.0 kB	5.3 kB	23.36.76.226
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-19 18:12:03	981 B	2.7 kB	23.36.76.243

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.networktunnel.net/dwn/supersocks5cap.zip

IP / ASN

198.12.234.106

#26496 AS-26496-GO-DADDY-COM-LLC

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size5.1 MB (5052464 bytes)

MD5195fc1dd4a96e96dceae1e9c8c9f70ef

SHA127d853da3730c8339a2d8f4edefd0a52996536ad

SHA2567145989278c1b77738071cdfc4b7b02953a6dcada4fdde13b818d436c1cbe6d8

Archive (26)

Modified	Filename	Size	MD5	File type
2007-02-17 01:49	devconia64.exe	70 kB	20f619ebb6d10ee6a5c164d7dfd36f32	PE32+ executable (console) x86-64, for MS Windows, 4 sections
2011-12-26 10:34	devconx86.exe	56 kB	f512a399167e9c81aa4ff40617a1d06d	PE32 executable (console) Intel 80386, for MS Windows, 3 sections
2011-05-09 10:32	gamesetuphelp.txt	1.9 kB	c99c1e05aa203a8a818f921f6fa4e172	ASCII text, with CRLF line terminators
2013-05-08 14:05	lang_936.xml	58 kB	9274054a80225ddacb77aa670a583b27	XML 1.0 document, ISO-8859 text, with very long lines (55640), with CRLF line terminators
2013-05-08 14:05	lang_950.xml	57 kB	6de2f7bb3c1b2c98f8752ddca38f0d81	XML 1.0 document, ISO-8859 text, with very long lines (57314), with CRLF line terminators
2012-09-25 22:16	lang_default.xml	70 kB	9dd606ae0aad97af97ca2c6b7c03cb39	XML 1.0 document, ASCII text, with very long lines (1133), with CRLF line terminators
2001-07-26 14:17	libeay32.dll	692 kB	263af932c3d1a8a876f122e32498e058	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2020-05-03 21:30	networkdll.dll	493 kB	744044c87f6df272b882786f9e7faffa	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections
2020-05-03 21:29	networkdlllsp.dll	464 kB	6b61046909dbcf9a0b51b978977a98dc	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections
2020-05-07 17:34	networkdllx64.dll	1.8 MB	3f575fc6239394f84d1a595690e14758	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections
2019-11-20 03:10	networkdllx64_L.dll	223 kB	b10fea334255fd4b83192b97e38ca6ac	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections
2019-11-20 03:10	networkdll_L.dll	178 kB	2a6440b7b91dde91c4c54aa918dab460	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections
2019-11-20 20:27	networktunneldrv.dat	73 kB	82e6f79bde4a63b88c3e79107eaed719	PE32 executable (native) Intel 80386, for MS Windows, 6 sections
2019-11-20 20:27	networktunnelx64.sys	91 kB	b5612580119e64d1228e1b8007a5eaf2	PE32+ executable (native) x86-64, for MS Windows, 6 sections
2019-06-20 11:06	networktunnelx64helper.exe	1.8 MB	e6ab0371c029a2c978c3e6a1af09b654	PE32+ executable (GUI) x86-64, for MS Windows, 11 sections
2020-09-18 11:22	plinkforss5.exe	537 kB	805fd3faf6fef9e025417d290958556d	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections
2020-09-18 11:18	RunProgInSS5Cmd.exe	191 kB	925e027e68ca62e458234c61b52b7134	PE32 executable (console) Intel 80386, for MS Windows, 8 sections
2018-01-09 11:04	sntutils.dll	228 kB	03cdfc4b82d3258d0162b201db27e9ea	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections
2018-01-09 11:04	sntx64tool.dll	351 kB	991dff173776a13e459a939f18c6acd0	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2020-09-18 14:13	socks.dat	23 kB	9d921c94f0619a5fae2a6d6e45e67416	data
2011-08-02 21:01	socks5cap.chm	452 kB	fa52b45efbf12d050ea1caada6e8ac1f	MS Windows HtmlHelp Data
2001-07-26 14:18	ssleay32.dll	152 kB	4b0465c7e934fa0ef98cf663f5bca74b	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2020-09-18 11:47	SuperSocks5cap.exe	3.0 MB	77c532e1b860b781f73510c9c8e669ee	PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
2011-08-02 21:10	supersocks5cap_readme.txt	401 B	a204ee4f01cf6d0917bfca876096e85b	ASCII text, with CRLF line terminators
2020-09-18 11:17	SuperSocks5Cap_RunAsAdmin.exe	409 kB	24f8d60ece0e52951664c64e79f9f522	PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
2020-09-18 11:29	ToolPrj.exe	603 kB	ee1fbf6fc08126116da5997b69e02ca0	PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 1/45

JavaScript (0)

HTTP Transactions (10)

	URL	IP	Response	Size