Report - www.sterjosoft.com/download/mailpasswords.zip

Report Overview

Submitted URL
www.sterjosoft.com/download/mailpasswords.zip
IP
192.3.85.50
ASN
#36352 AS-COLOCROSSING
Submitted
2024-03-28 13:44:52
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.sterjosoft.com	unknown	2010-06-30	2012-05-26	2024-03-27	499 B	2.3 MB	192.3.85.50

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.sterjosoft.com/download/mailpasswords.zip
IP
192.3.85.50
ASN
#36352 AS-COLOCROSSING

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.3 MB (2288638 bytes)
Hash
b59e832b17e671132313c5fe3cec0883
f709abbdffb29a8a2cfbccec112feca2f2bc0932
484e6d0976b3f1fb2efad73872ba8a2a237e92b5a7800203f638fb9b45750a2c

Archive (24)

Filename

Md5

File type

comctl32.ocx

2640ad05ab39321e6c9d3c71236ca0df

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

iteSql.dll

f8e8fd057e53ac5e597d0f1cb1ffc40e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

Arabic.lng

912794b9b0906ccb51cb4c18e7c1971b

Unicode text, UTF-16, little-endian text, with CRLF line terminators

English.lng

39252e99e61605333e49f99f4d834fc3

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Finnish.lng

082d9e73737b8b945594c8cda7428b81

Unicode text, UTF-16, little-endian text, with CRLF line terminators

French.lng

823f3d9d6a0a2f840336c73002be966c

Unicode text, UTF-16, little-endian text, with CRLF line terminators

German.lng

794bcf62fd63bdca41aafbec08d0d72c

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Greek.lng

0772991c184ecbd677c794f63d81ab0f

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Italian.lng

20e462200b8c4ff43e4075fd7ab90954

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Japanese.lng

3c6a07d698068b2857479b666061d4b1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Macedonian.lng

e6023fec01e6cff89f0d1e64d499fd37

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Polish.lng

4b835e59783cee72c8171259a93941cf

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Portuguese.lng

5d2e648a86cb0d3efb1e7c8a51ffebbe

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Russian.lng

b63909a3a72ec9c939e017e47b17ac5a

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Simplified_Chinese.lng

82647a2b9d2348f2122eed231ac0ba06

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Slovenian.lng

054045f20a96a4f670cadef490b8011d

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Spanish.lng

a83dd2a340713f8d5f2c41e0f17a75e1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Translate.lng

39252e99e61605333e49f99f4d834fc3

Unicode text, UTF-16, little-endian text, with CRLF line terminators

libcrypto-1_1.dll

244537a7fafeb634a9dba27cf60d51ff

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

libcryptoVB.dll

db35c38ed7721ae110ec8aa4628d028d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

License Agreement.txt

b7840fe54240d9508be13e38be782fc9

ASCII text, with very long lines (472), with CRLF line terminators

MailPasswords.exe

fe5cd113e079d6999610f1b66b11c12c

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

msvcr120.dll

034ccadc1c073e4216e9466b720f9849

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

resources.dll

35e40c18ef745f7d40d414493f04329d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 5/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.sterjosoft.com/download/mailpasswords.zip

192.3.85.50

200 OK

2.3 MB

URL User Request GET HTTP/1.1
www.sterjosoft.com/download/mailpasswords.zip
IP
192.3.85.50:443
ASN
#36352 AS-COLOCROSSING

Certificate
IssuerLet's Encrypt
Subjectsterjosoft.com
Fingerprint8C:EF:5F:AF:67:42:BB:17:3F:0B:A9:A6:65:10:B8:81:C5:EF:CD:CB
ValidityWed, 13 Mar 2024 11:49:09 GMT - Tue, 11 Jun 2024 11:49:08 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.3 MB (2288638 bytes)
Hash
b59e832b17e671132313c5fe3cec0883
f709abbdffb29a8a2cfbccec112feca2f2bc0932
484e6d0976b3f1fb2efad73872ba8a2a237e92b5a7800203f638fb9b45750a2c

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/63

HTTP Headers

GET /download/mailpasswords.zip HTTP/1.1
Host: www.sterjosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 13:44:26 GMT
Server: Apache
Last-Modified: Sun, 29 Mar 2020 15:06:56 GMT
ETag: "22ebfe-5a1ffaf758400"
Accept-Ranges: bytes
Content-Length: 2288638
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip