Report - tn4.tjhnk.com/file/FIFA_23.zip

Report Overview

Submitted URL
tn4.tjhnk.com/file/FIFA_23.zip
IP
104.21.87.241
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-28 10:48:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tn4.tjhnk.com	unknown	2023-11-04	2023-12-13	2023-12-13	484 B	15 MB	104.21.87.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
tn4.tjhnk.com/file/FIFA_23.zip
IP
104.21.87.241
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15448541 bytes)
Hash
7d7338b6496b9007c9211d177593455c
afe4e54d26fda041ea65c70f36c4f22156a185fd
d4cde0100f60ff9dffa84a0a4aadc2f160c9fee8755af2d4b018b5d1e53171e0

Archive (16)

Filename

Md5

File type

[Bluesofts] FIFA_23.exe

a1a802b1cbe696e4f0c47bbc13379425

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Aliyun.Log.dll

dcb7d24b7c24bdc474a4ddbce4404c97

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Aliyun.OSS.dll

4872d3a698bc17ed99d24f452cb6ac69

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Apowersoft.CommUtilities.Base.V2.dll

6d69010a6fd0d3b8808df569eabdb368

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Apowersoft.CommUtilities.dll

d56a5b75974d41704403769b2a84e14b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Apowersoft.CommUtilities.Native.dll

ee15f0a51269e5576987ff835c8a4bc3

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Apowersoft.UI.Prompts.dll

34cda5aada0b47b0277336ad2f18a1a7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Apowersoft.Utils.Record.dll

deca52b733faafcf710ce5576730a818

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ApowersoftWinApi.dll

67f5a82ea1796502b257de8cae1b9761

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

log4net.dll

6b88e52cc2d0ca0d1f1b03a4f3218d0b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NewtonNative.exe

42badc1d2f03a8b1e4875740d3d49336

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Newtonsoft.Json.dll

5e02ddaf3b02e43e532fc6a52b04d14b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NewUtilities

5410ddeaa724c1f28a61c7cd84e54868

7-zip archive data, version 0.4

System.Windows.Interactivity.dll

14d624783afba2b330320dc6ba3780af

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

eprd.txt

7cbb3502e78951edbeac5badec199abc

Unicode text, UTF-8 text, with CRLF line terminators

xprd.txt

922f607681161bd5bfc6058939d763c6

Unicode text, UTF-8 text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Identify partial Agent Tesla strings
VirusTotal	malicious	VirusTotal - Scan result 24/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

tn4.tjhnk.com/file/FIFA_23.zip

104.21.87.241

200 OK

15 MB

URL User Request GET HTTP/2
tn4.tjhnk.com/file/FIFA_23.zip
IP
104.21.87.241:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttjhnk.com
FingerprintA6:98:46:17:62:D8:62:5D:5F:DC:A3:FB:3C:AC:F8:E6:97:BC:9B:F1
ValidityFri, 01 Mar 2024 20:24:34 GMT - Thu, 30 May 2024 20:24:33 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15448541 bytes)
Hash
7d7338b6496b9007c9211d177593455c
afe4e54d26fda041ea65c70f36c4f22156a185fd
d4cde0100f60ff9dffa84a0a4aadc2f160c9fee8755af2d4b018b5d1e53171e0

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 24/66

HTTP Headers

GET /file/FIFA_23.zip HTTP/1.1
Host: tn4.tjhnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 10:47:56 GMT
content-type: application/zip
content-length: 15448541
last-modified: Fri, 17 Nov 2023 10:56:22 GMT
etag: "655746d6-ebb9dd"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BmYoJgR8weTVopi36KmIsSVaz4TnY9jX9lNl4rp9%2BFprSr6SoOHvDH52kDckLxj11%2FmM6EX30c22kRX%2F6zgvJ0b%2B101t1288ZszT14MezabMNmAUPanAvyxiZzgL%2B92"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86b70b82cc3a5684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2