Report - za30cod.ru/downloads/cod4x_client_21

Report Overview

Submitted URL
za30cod.ru/downloads/cod4x_client_21_1.zip
IP
104.21.53.173
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 12:15:50
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
za30cod.ru	unknown	2020-07-13	2021-06-24	2024-03-13	496 B	4.4 MB	172.67.215.210

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
za30cod.ru/downloads/cod4x_client_21_1.zip
IP
172.67.215.210
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.4 MB (4416838 bytes)
Hash
b446fb4dc61f3d8ed334d368bb2f2cf4
0fed0eb9177c25e2b4f1c5343cfe2aef6b5e99d3
ae3fef06d56c4b95ed966254beeefdc5d0130e6dc15e5324ef98bc48ac4e4c82

Archive (16)

Filename

Md5

File type

cod4x_021.dll

7382607103315f97153e18194ffc817c

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections

cod4x_patchv2.ff

ed49f2e5a8afef2929723e625d877e07

data

crashrpt1403.dll

2b1dd01b53e7757db2348ac7639db1e3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

crashrpt_lang.ini

771da39b527e886a247a0c0a33ffb715

Unicode text, UTF-16, little-endian text, with CRLF line terminators

crashsender1403.exe

950f5e4d09a0f2563629759f379e5c59

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

dbghelp.dll

dee832103585ee41bd7f1a905f0726f7

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

install.cmd

649cf8d45e4554661f54dec8c7662a63

DOS batch file, ASCII text, with CRLF line terminators

jcod4x_00.iwd

e2450d8e8569b16905d3946670db9fa0

Zip archive data, at least v1.0 to extract, compression method=store

launcher.dll

9b724669baef65fb269f215d6fc6e035

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections

miles32.dll

548f39629f991713624527757afc5284

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

mss32.dll

4628c4b03fb5977c7f67615aa59c4117

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections

msvcp100.dll

bc83108b18756547013ed443b8cdb31b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr100.dll

0e37fbfa79d349d672456923ec5fbbe3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

uninstall.cmd

6675e7418ce9a989b1f1f4a75968a654

DOS batch file, ASCII text, with CRLF line terminators

RU-readme.txt

c50fa335c8edb5b6b1e5d915749675eb

Unicode text, UTF-8 text, with CRLF line terminators

EN-readme.txt

8e7757250ce817fc40198630f686a4ca

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

za30cod.ru/downloads/cod4x_client_21_1.zip

172.67.215.210

200 OK

4.4 MB

URL User Request GET HTTP/2
za30cod.ru/downloads/cod4x_client_21_1.zip
IP
172.67.215.210:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectza30cod.ru
Fingerprint92:44:41:70:1B:3E:C4:53:A7:DE:2A:86:28:10:49:F0:1A:5B:83:70
ValidityTue, 12 Mar 2024 21:17:49 GMT - Mon, 10 Jun 2024 21:17:48 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.4 MB (4416838 bytes)
Hash
b446fb4dc61f3d8ed334d368bb2f2cf4
0fed0eb9177c25e2b4f1c5343cfe2aef6b5e99d3
ae3fef06d56c4b95ed966254beeefdc5d0130e6dc15e5324ef98bc48ac4e4c82

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

HTTP Headers

GET /downloads/cod4x_client_21_1.zip HTTP/1.1
Host: za30cod.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 12:15:23 GMT
content-type: application/zip
content-length: 4416838
last-modified: Tue, 28 Mar 2023 16:31:55 GMT
etag: "6423167b-436546"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nFYpAGQSFg1e9VpiqIAWjQwUNbExxtRR2ZlbhvSda9isZXnEcGSDnBJztMscWg7TrbN3sWFEAoQd5aS2F8oZB%2FpbZP0dApg9z9J7ZuqrQB8m9Yba7TmfpqqImK77"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879604ba69c1568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (16)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers