Report - ftpmirror1.infania.net/pub/pc/utilprog/pestudio.zip

Report Overview

Visitedpublic

2025-05-08 20:55:13

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ftpmirror1.infania.net	unknown	2005-09-28	2020-03-12	2025-05-05	519 B	980 kB	194.132.225.213

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ftpmirror1.infania.net/pub/pc/utilprog/pestudio.zip

IP / ASN

194.132.225.213

#48803 Mediateknik i Varberg AB

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size980 kB (979718 bytes)

MD52c51a13a6c042d346eac579dda6bedbf

SHA1ab00cf7506ae6904592672ce6e67e3f6c9ed714a

SHA256233c6dfc69d452ecb9b50dd3f84f643e9d312035081385136c5b44a9b26e7b9c

Archive (15)

Modified	Filename	Size	MD5	File type
2015-03-06 05:41	AddToShell.reg	478 B	44c58d263e80a790741983f8ab7f582b	Windows Registry little-endian text (Win2K or above)
2020-12-17 09:23	changes.log	13 kB	3fb42c3c908e5994b8497232ecadf22a	ASCII text, with CRLF line terminators
2020-12-26 07:06	peparser.dll	1.0 MB	a647838808db3c4565576701ab36f03a	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections
2020-12-26 07:05	pestudio.exe	598 kB	651b0412b5b0cb4ebca4c636a8d7caaf	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
2015-03-06 05:42	RemoveFromShell.reg	112 B	0ded085325dfa9b82fc98fbce96b2f72	Unicode text, UTF-16, little-endian text, with CRLF line terminators
2020-12-23 00:18	functions.xml	509 kB	1cc9bb1206efee5be70729ed1759891c	exported SGML document, ASCII text, with CRLF line terminators
2020-12-25 13:13	indicators.xml	18 kB	2763cd21038c4a2078e868c2eedf2f32	exported SGML document, ASCII text, with CRLF line terminators
2019-04-27 10:19	languages.xml	20 kB	e3f9a0cce4910bd79ef75d4229d4436a	exported SGML document, ASCII text, with CRLF line terminators
2020-10-09 08:48	mitre.xml	16 kB	3cc78a8cc133afe2284d31021c591596	exported SGML document, ASCII text, with CRLF line terminators
2020-12-25 05:19	rich-header.xml	30 kB	22e8370dedfcfe0d7907f83d47ee62b4	exported SGML document, ASCII text, with CRLF line terminators
2020-12-23 03:47	settings.xml	5.1 kB	88aebc30226a276f657f94b42139fd23	exported SGML document, ASCII text, with CRLF line terminators
2019-05-04 07:16	signatures.xml	1.3 MB	401c762357963bfa846ff69d3567cdc8	exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1639), with CRLF line terminators
2020-12-25 06:49	strings.xml	134 kB	8df1b7f938e752ce273513ff37a00abe	exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2020-11-16 10:30	thresholds.xml	3.4 kB	d2e5e1967ec1df59e5228ed8ee974b5a	exported SGML document, ASCII text, with CRLF line terminators
2020-12-20 02:37	translations.xml	35 kB	f1b2851c49baeae15f9f70f60053260b	exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies AutoIT script.
VirusTotal	suspicious	VirusTotal - Scan result 6/66

JavaScript (0)

HTTP Transactions (1)

	URL	IP	Response	Size