| www.wireshark.org/download/win32/all-versions/wireshark-setup-1.0.1.exe |  172.67.75.39 | 200 OK | 22 MB |
URL User Request GET www.wireshark.org/download/win32/all-versions/wireshark-setup-1.0.1.exe IP172.67.75.39:443
CertificateIssuerGoogle Trust Services Subjectwireshark.org Fingerprint32:0F:40:F6:32:37:6F:EC:DC:7A:DD:CF:04:36:12:9C:DB:EC:D4:56 ValidityTue, 07 Jan 2025 11:51:06 GMT - Mon, 07 Apr 2025 12:50:43 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections Size22 MB (22212707 bytes) Hashaec6dda6e5d165aa7023289f4a95b445 9f81be9d7afbc0d175998a753960550b99604cd3 255171030040cfc8dd9c55028b77969599a7e8153e0c911ce752fabe4560c448
| Analyzer | Verdict | Alert |
|---|
| YARAhub by abuse.ch | malware | Detect pe file that no import table |
GET /download/win32/all-versions/wireshark-setup-1.0.1.exe HTTP/1.1
Host: www.wireshark.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 07 Mar 2025 07:07:02 GMT
content-type: application/x-msdos-program
content-length: 22212707
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-slogan: Go deep., Go deep.
last-modified: Mon, 30 Jun 2008 23:17:33 GMT
etag: "152f063-450ea76d3bd40"
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.googletagmanager.com https://conference.wireshark.org https://ticketing.wireshark.org; connect-src 'self' https://cloudflareinsights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ticketing.wireshark.org; style-src 'self' 'unsafe-inline' https://ticketing.wireshark.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ipv6.google.com https://ipv4.google.com https://ticketing.wireshark.org; media-src data:; font-src 'self' https:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://ticketing.wireshark.org; report-uri https://wiresharkfoundation.uriports.com/reports/report; report-to default
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-WoW64
cache-control: public, max-age=14400, s-maxage=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bq6WEoQ%2FkPn1A876JASnTe4SBrtHJ5R%2BSTujHFOc0QdWgGpH0Yfp9cBQ7zQnLFfAzRHBEaBVVcbgJRqKMFxNwO%2FHodcrwRLcBmf9q5lTS8Kfq%2FeS4I570JGsRabjoB7xATnx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c840e6390f5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6044&min_rtt=608&rtt_var=10744&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1165&delivery_rate=3844247&cwnd=254&unsent_bytes=0&cid=c69b44b00dd264ed&ts=704&x=0"
X-Firefox-Spdy: h2
|