Report - riftek.com/upload/iblock/2bd/RF65xSP

Report Overview

Submitted URL
riftek.com/upload/iblock/2bd/RF65xSP_2015.zip
IP
93.125.99.131
ASN
#6697 Republican Unitary Telecommunication Enterprise Beltelecom
Submitted
2024-05-07 10:44:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
riftek.com	unknown	2001-01-18	2014-01-17	2024-03-14	499 B	15 MB	93.125.99.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
riftek.com/upload/iblock/2bd/RF65xSP_2015.zip
IP
93.125.99.131
ASN
#6697 Republican Unitary Telecommunication Enterprise Beltelecom

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 MB (15445707 bytes)
Hash
4fa0e6859ba375834f4ac73ccda6b581
c4607a48ba4cd7fd76d7acc01e91c9aee325f5c3
89359823aede2ec81a1dd6bf406e0f68b54d97f02fb13eac782513fe1739feec

Archive (28)

Filename

Md5

File type

icudt49.dll

4e2c72dd2879abfa87de3367a79db5ed

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

icuin49.dll

769c1aae92c514fd65846c56aeae48ea

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

icuuc49.dll

65e0fccdb84f9307db30a7e06d51919a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcp100.dll

03e9314004f504a14a61c3d364b62f66

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr100.dll

67ec459e42d3081dd8fd34356f7cafc1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

Packet.dll

86316be34481c1ed5b792169312673fd

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Qt5Core.dll

50ead2522464985a0461332da199cd17

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

QtCore4.dll

b082e66661c6ef5e6ac84811dc2e212f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

QtGui4.dll

82742536600a1ca8186df02445beb6d1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

centr_aktiv_poyarche.png

42c081305c091fab468e8788a7a57439

PNG image data, 100 x 92, 8-bit/color RGBA, interlaced

centr_neaktiv.png

02eb60cd62d71f40a73a310669a8afba

PNG image data, 100 x 92, 8-bit/color RGBA, interlaced

diametr_aktiv_poyarch.png

f6ee7fbd16bdbd734ea909db25f215f5

PNG image data, 100 x 88, 8-bit/color RGBA, interlaced

diametr_neaktiv.png

590274d5605e2005e25fec072e95b959

PNG image data, 100 x 88, 8-bit/color RGBA, interlaced

nozh_aktiv_poyarche.png

72e6c04ebbfc5bd848758511da96ac22

PNG image data, 100 x 94, 8-bit/color RGBA, interlaced

nozh_neaktiv.png

e8c14246cb86bb2d8a5121d4320d7ea2

PNG image data, 100 x 94, 8-bit/color RGBA, interlaced

rascheska_aktiv_poyarch.png

6ca98f314f464e0e7394fca773442c6d

PNG image data, 100 x 88, 8-bit/color RGBA, interlaced

rascheska_neaktiv.png

485a96fa3cc9ac2508d6b78ab174e195

PNG image data, 100 x 88, 8-bit/color RGBA, interlaced

splash.png

d7bbe4cefae0130f72b47666f06497ea

PNG image data, 600 x 166, 8-bit/color RGBA, interlaced

splash_small.ico

38efc14ef3846ac378fee1f63e5c6d82

MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

splash_small.png

027b98109bdeb599bf97985a0a5511ca

PNG image data, 380 x 105, 8-bit/color RGBA, non-interlaced

��஬�� ⨢��.png

7dc0be2fd857f24d8bd82b9695ecfdb0

PNG image data, 152 x 46, 8-bit/color RGBA, interlaced

��஬�� ⢭��.png

ca8bbd0c5384c8c7c4927a6497a53c49

PNG image data, 152 x 46, 8-bit/color RGBA, interlaced

RF65x.exe

8e0fc2893f02992a3235b6b52ac5ae1f

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RFDevice.dll

8eec0863512f59525d0ae437a9745bf0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

RFMath4.dll

8db0dcfbbeccba349187895a1cce6455

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

RFWidgets4.dll

38cd6c4797e15c87eed5402c18bb6b67

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

winpcap.exe

020de63da57e751d98028fa16ae21c42

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

wpcap.dll

4633b298d57014627831ccac89a2c50b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	riftek.com/upload/iblock/2bd/RF65xSP_2015.zip	93.125.99.131	200 OK	15 MB
URL User Request GET HTTP/2 riftek.com/upload/iblock/2bd/RF65xSP_2015.zip IP 93.125.99.131:443 ASN #6697 Republican Unitary Telecommunication Enterprise Beltelecom Certificate IssuerLet's Encrypt Subjectriftek.com Fingerprint5D:7A:5A:1E:95:4E:5B:6F:50:4C:81:29:A4:71:9F:CF:84:1A:4B:FD ValiditySat, 20 Apr 2024 02:50:08 GMT - Fri, 19 Jul 2024 02:50:07 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 15 MB (15445707 bytes) Hash 4fa0e6859ba375834f4ac73ccda6b581 c4607a48ba4cd7fd76d7acc01e91c9aee325f5c3 89359823aede2ec81a1dd6bf406e0f68b54d97f02fb13eac782513fe1739feec HTTP Headers `GET /upload/iblock/2bd/RF65xSP_2015.zip HTTP/1.1 Host: riftek.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Tue, 07 May 2024 10:43:46 GMT content-type: application/zip content-length: 15445707 last-modified: Tue, 28 Jul 2020 14:15:56 GMT etag: "5f20331c-ebaecb" expires: Mon, 12 Aug 2024 10:43:46 GMT cache-control: max-age=8380800 accept-ranges: bytes X-Firefox-Spdy: h2`

riftek.com/upload/iblock/2bd/RF65xSP_2015.zip

93.125.99.131

200 OK

15 MB

URL User Request GET HTTP/2
riftek.com/upload/iblock/2bd/RF65xSP_2015.zip
IP
93.125.99.131:443
ASN
#6697 Republican Unitary Telecommunication Enterprise Beltelecom

Certificate
IssuerLet's Encrypt
Subjectriftek.com
Fingerprint5D:7A:5A:1E:95:4E:5B:6F:50:4C:81:29:A4:71:9F:CF:84:1A:4B:FD
ValiditySat, 20 Apr 2024 02:50:08 GMT - Fri, 19 Jul 2024 02:50:07 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 MB (15445707 bytes)
Hash
4fa0e6859ba375834f4ac73ccda6b581
c4607a48ba4cd7fd76d7acc01e91c9aee325f5c3
89359823aede2ec81a1dd6bf406e0f68b54d97f02fb13eac782513fe1739feec

HTTP Headers

GET /upload/iblock/2bd/RF65xSP_2015.zip HTTP/1.1
Host: riftek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 10:43:46 GMT
content-type: application/zip
content-length: 15445707
last-modified: Tue, 28 Jul 2020 14:15:56 GMT
etag: "5f20331c-ebaecb"
expires: Mon, 12 Aug 2024 10:43:46 GMT
cache-control: max-age=8380800
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (28)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers