Report - d48ehdag0go01.cloudfront.net/IcsS/S8z6FPSgc/uUTBCD2/usb-security-utilities-1.0-installer.exe

Report Overview

Visitedpublic

2024-10-07 04:31:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-05 18:12:17	327 B	888 B	23.36.76.226
d48ehdag0go01.cloudfront.net	unknown	2008-04-25	2024-09-20 03:27:34	2024-09-26 19:50:38	546 B	1.8 MB	143.204.42.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

d48ehdag0go01.cloudfront.net/IcsS/S8z6FPSgc/uUTBCD2/usb-security-utilities-1.0-installer.exe

IP / ASN

143.204.42.29

#16509 AMAZON-02

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

Size1.8 MB (1771536 bytes)

MD535b71824e3eaec93b5fa8115d2778f80

SHA196091005bceb781a2a656e0ea94d31ac92c2c4d2

SHA256186d60f1c45448a15449682716be7b5268ce78822128ffb12704785f8fa40007

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 15/72

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-06

Last Seen2024-10-11

Times Seen23072

Size504 B (504 bytes)

MD592cd7893843bf7005d9d4281f7ddeb25

SHA11d1762ecf80a622168eb8734901fc27382da2b2a

SHA2567e1c229fca475d3a4760d7950e2ccd0b8bb27f4c4bc5fd43e96260bfa32388b7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7E1C229FCA475D3A4760D7950E2CCD0B8BB27F4C4BC5FD43E96260BFA32388B7"
Last-Modified: Sat, 05 Oct 2024 16:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16163
Expires: Mon, 07 Oct 2024 09:00:41 GMT
Date: Mon, 07 Oct 2024 04:31:18 GMT
Connection: keep-alive

GET d48ehdag0go01.cloudfront.net/IcsS/S8z6FPSgc/uUTBCD2/usb-security-utilities-1.0-installer.exe

143.204.42.29

200 OK

1.8 MB

URL

d48ehdag0go01.cloudfront.net/IcsS/S8z6FPSgc/uUTBCD2/usb-security-utilities-1.0-installer.exe

IP / ASN

143.204.42.29

#16509 AMAZON-02

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

First Seen2024-10-06

Last Seen2024-10-11

Times Seen20

Size1.8 MB (1771536 bytes)

MD535b71824e3eaec93b5fa8115d2778f80

SHA196091005bceb781a2a656e0ea94d31ac92c2c4d2

SHA256186d60f1c45448a15449682716be7b5268ce78822128ffb12704785f8fa40007

Certificate Info

IssuerAmazon

Subject*.cloudfront.net

Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62

ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 15/72

HTTP Headers

GET /IcsS/S8z6FPSgc/uUTBCD2/usb-security-utilities-1.0-installer.exe HTTP/1.1
Host: d48ehdag0go01.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 1771536
access-control-allow-origin: *
cache-control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-disposition: attachment; filename="usb-security-utilities-1.0-installer_nzrHj-1.exe"; filename*=UTF-8''usb-security-utilities-1.0-installer_nzrHj-1.exe
content-transfer-encoding: binary
date: Mon, 07 Oct 2024 04:31:19 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: public
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yjzqnuwrV161lTd0CgK1jN0wumJf8rEF_eAU3w4viL2oHDGq4PGSSw==
age: 0
X-Firefox-Spdy: h2