Report - update.arcgames.com/arc2/Arc2Update_202402042211

Report Overview

Submitted URL
update.arcgames.com/arc2/Arc2Update_202402042211_b.zip
IP
23.36.79.25
ASN
#20940 Akamai International B.V.
Submitted
2024-05-02 13:19:25
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
update.arcgames.com	unknown	2006-07-16	2020-02-29	2022-09-09	508 B	18 MB	23.36.79.25

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
update.arcgames.com/arc2/Arc2Update_202402042211_b.zip
IP
23.36.79.25
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (17555379 bytes)
Hash
d5efa86116e4d4ccaead6e5803a6be99
42e59631117b980d6edd25889c00e8095886e63c
c289712f0e98c61c130a7b3f85dd222fc23fce6646ecfa8f905a9399d666f633

Archive (22)

Filename

Md5

File type

Arc.exe

8598336220b3ce411d2c1f7b00271400

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcChat.exe

700bd2ff8cd4ef06f31b88f4d2edb684

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcDepends.exe

658e3e8176c98de0578287bb630a88a2

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcErrRep.exe

9b53a443e2b2237199ed35940340fa65

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcLauncher.exe

75da9d3c462099fd9c53fefb495d35e7

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcOSBrowser.exe

8f76357e9e0c82fab68cf74a4c6df7cd

PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections

ArcOSOverlay.exe

75cb16c7f942869f30c6207e990a83a0

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcOverlayStub.dll

4eb0f4bef2d18f94a7e0aa399ce525f1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

ArcOverlayStub_64.dll

a314ed9fd27680f870771426ef775195

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections

ArcRepair.exe

c3dd12a910bef63823751a4f1b5c86ce

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcSDK.dll

a743e2fe63d11f2b726bf2755284703b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

ArcSDK_64.dll

869741b02295301595313b1fbdeaccf3

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ArcService.exe

48f9cb2c8f847d98b20155c7de0d239c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcSteamHelper.exe

3fd80fd2ab96ed549d15d1cb03e34b83

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ArcUpdate.exe

fff1aba716f027213e576adb0a87e3ef

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

ArcZone.dll

6a7aa1859b01e2a1966c8b24ce83ddd6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

CfgFileList.xml

affd8fd7b2d103501a34eaeb4ff75a70

XML 1.0 document, ASCII text

Config.ini

29095a452c1e8f57788d3b0e0856480a

ASCII text

CoreUI.dll

25598b50b0a80fe8f33334db21698e55

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

HttpDownloader.dll

4dbc8ed9ad68e4b1c3c56aeacb666ab2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SonicUI.dll

b7b58efda8f6d34cc7cb43d664b59ec8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

version.ini

6063dc5d0a00e8fd3609dd3a1c58b2e6

ASCII text, with CRLF, LF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	update.arcgames.com/arc2/Arc2Update_202402042211_b.zip	23.36.79.25	200 OK	18 MB
URL User Request GET HTTP/2 update.arcgames.com/arc2/Arc2Update_202402042211_b.zip IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Certificate IssuerDigiCert Inc Subjectsf.gearboxpublishing.com FingerprintD6:64:C6:9B:8B:18:51:A6:A1:B9:FB:5E:A7:79:47:EF:97:0E:9D:40 ValidityMon, 17 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 18 MB (17555379 bytes) Hash d5efa86116e4d4ccaead6e5803a6be99 42e59631117b980d6edd25889c00e8095886e63c c289712f0e98c61c130a7b3f85dd222fc23fce6646ecfa8f905a9399d666f633 HTTP Headers `GET /arc2/Arc2Update_202402042211_b.zip HTTP/1.1 Host: update.arcgames.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: application/zip last-modified: Mon, 05 Feb 2024 06:22:06 GMT etag: "65c07e8e-10bdfb3" content-length: 17555379 cache-control: must-revalidate, max-age=21550 expires: Thu, 02 May 2024 19:18:02 GMT date: Thu, 02 May 2024 13:18:52 GMT X-Firefox-Spdy: h2`

update.arcgames.com/arc2/Arc2Update_202402042211_b.zip

23.36.79.25

200 OK

18 MB

URL User Request GET HTTP/2
update.arcgames.com/arc2/Arc2Update_202402042211_b.zip
IP
23.36.79.25:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectsf.gearboxpublishing.com
FingerprintD6:64:C6:9B:8B:18:51:A6:A1:B9:FB:5E:A7:79:47:EF:97:0E:9D:40
ValidityMon, 17 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (17555379 bytes)
Hash
d5efa86116e4d4ccaead6e5803a6be99
42e59631117b980d6edd25889c00e8095886e63c
c289712f0e98c61c130a7b3f85dd222fc23fce6646ecfa8f905a9399d666f633

HTTP Headers

GET /arc2/Arc2Update_202402042211_b.zip HTTP/1.1
Host: update.arcgames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/zip
last-modified: Mon, 05 Feb 2024 06:22:06 GMT
etag: "65c07e8e-10bdfb3"
content-length: 17555379
cache-control: must-revalidate, max-age=21550
expires: Thu, 02 May 2024 19:18:02 GMT
date: Thu, 02 May 2024 13:18:52 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers