Report - q5r8g8c5.rocketcdn.me/wp-content/uploads/2016/07/TurboV_Core

Report Overview

Visited public
2024-03-14 12:43:40
Tags
URL
q5r8g8c5.rocketcdn.me/wp-content/uploads/2016/07/TurboV_Core_1.00.Z170.zip
Finishing URL
about:privatebrowsing
IP / ASN
194.242.11.186
#34989 ServeTheWorld AS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
q5r8g8c5.rocketcdn.me	unknown	2018-10-29	2024-03-04 10:43:52	2024-03-04 10:43:52	528 B	1.1 kB	194.242.11.186
overclocking.com	361013	unknown	2014-11-28 07:55:02	2023-01-03 06:26:43	522 B	14 MB	185.100.5.50

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
overclocking.com/wp-content/medias/2016/07/TurboV_Core_1.00.Z170.zip
IP
185.100.5.50
ASN
#35393 CTS Computers and Telecommunications Systems SAS

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
14 MB (14536456 bytes)
Hash
b2e64075238978818d19396c62f949d3
22901e4d347902f2039fb13cdae471a9988c80af
34dd0c6ee6b87c0bd873a448f6cae3974d67b7ad3b406456a93a937e58027d88

Archive (60)

Filename

Md5

File type

AsAcpiIns.exe

854f453b3426dea4cc1526371ec70f7a

PE32+ executable (console) x86-64, for MS Windows, 4 sections

install.ini

55c51f8fe5a1b12986394c4ca573e049

Generic INItialization configuration [WINXP]

asacpi.cat

39a0844d3dbef06b011f48f34d1102f9

DER Encoded PKCS#7 Signed Data

AsAcpi.inf

7147030cbbff401efaff21c09737ed53

Windows setup INFormation

Asacpi.sys

cac3bb575e4a0417bff28d3196e44d3a

PE32+ executable (native) x86-64, for MS Windows, 7 sections

asacpi.cat

2c4abfd0430858bb6e526a8819e96fd1

DER Encoded PKCS#7 Signed Data

AsAcpi.inf

10ab3e55fb67e7a933c9d97af5e3e65d

Windows setup INFormation

Asacpi.sys

19b006b181e3875fd254f7b67acf1e7c

PE32+ executable (native) x86-64, for MS Windows, 7 sections

asacpi.cat

42df4e91f8b5a2a9db8b7bd9bfe987ae

DER Encoded PKCS#7 Signed Data

AsAcpi.inf

b4bbf3ca64e2cf2f1a312b58d5ba3195

Windows setup INFormation

Asacpi.sys

6936198f2cc25b39cf5262436c80df46

PE32+ executable (native) x86-64, for MS Windows, 7 sections

AsAcpiIns.exe

30fd6e30447e0cae0438118963ef9af4

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

install.ini

0eba7a3a3a4c360ba5c4a85f4d32e765

Generic INItialization configuration [WINXP]

asacpi.sys

d48659bb24c48345d926ecb45c1ebdf5

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ATK2000.CAT

b24c02aac252e974d4f6a03fbb67e409

DER Encoded PKCS#7 Signed Data

ATK2000.INF

0faef21d2c59944f9c3ea62ac17eb82b

Windows setup INFormation

asacpi.cat

6dd3a68191b715f7a135805280437ab7

DER Encoded PKCS#7 Signed Data

AsAcpi.inf

f0494a29b6cd47efc1eae6757871d2bb

Windows setup INFormation

Asacpi.sys

cbe71c122434805cb73ffb6619f60598

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

asacpi.cat

12148b2fc0026d2ea2507e41198443a1

DER Encoded PKCS#7 Signed Data

AsAcpi.inf

74d30e706ebc1663164fb3b7a93b9665

Windows setup INFormation

AsAcpi.sys

dcdaab8697a47894a554050ce18d0b56

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

ATKEX.dll

affebdf6ce01fcb74b3bb7cc3c7b7eec

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

atkexComSvc.exe

bbf8f831c7720dd5135d8c4c8325187a

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

axIns.exe

25731b66be6787fe0d15430a785c56fc

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

axIns.ini

4e58db0ccc913eaabaeee7d4587f50b5

Generic INItialization configuration [Files]

CheckWin8.exe

6eacbd280f9253624fc3e687f4e1fba9

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

data1.cab

7d3bfd221d8a179bb637cc55de47320d

InstallShield CAB, version 0x100600c

data1.hdr

1b39a92fc70c8c6aa2cf5b5fd6170a92

InstallShield setup header, version 0x100600c, descriptor size 0x288c

data2.cab

9fa8d329459e000a9d4aed3a7d714f2f

InstallShield CAB, version 0x100600c

setup.exe

7287c348d09cf3c403ffa8b533b7c1a2

PE32 executable (console) Intel 80386, for MS Windows, 7 sections

setup.xml

2af401ffdc7eb55d246ca7dfed92dbec

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

SetupICCS.exe

4cfcf8cadf6e2dcea8abe6f58d73ff5f

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

vcredist_x86.exe

b88228d5fef4b6dc019d69d4471f23ec

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

DIFxAPI.dll

1bd976dd77b31fe0f25708ad5c1351ae

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

iccwdt.cat

827d2d303942f99435e19e7baa6b8eb4

DER Encoded PKCS#7 Signed Data

iccwdt.inf

a3003b101d97d52126177e07cd537769

Windows setup INFormation

iccwdt.sys

8661b1d7706889463289a8660352f0f8

PE32 executable (native) Intel 80386, for MS Windows, 7 sections

WdfCoInstaller01009.dll

a9970042be512c7981b36e689c5f3f9f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

iccwdt.sys

c1010add3ddae1196ed21057af7b2aae

PE32+ executable (native) x86-64, for MS Windows, 8 sections

WdfCoInstaller01009.dll

4da5da193e0e4f86f6f8fd43ef25329a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

license.txt

df73a63a646350459a100d5db48b6d46

Non-ISO extended-ASCII text, with very long lines (765), with CRLF line terminators

Readme.txt

d08b162bf197e0c06c4fa2510c6ead57

ASCII text, with CRLF line terminators

Setup.cfg

3947616ce97906d704e76e49b8450e25

ISO-8859 text, with CRLF line terminators

setup.exe

58f52903a000c0faeed3770dfd39dd1a

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Setup.if2

1431d2ce7f8e8ba3214346d845ab434c

Generic INItialization configuration [Groups]

DIFxAPI.dll

f5558c67a3adb662d43d40a1cbde4160

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections

Drv64.exe

3133d7aa82f537248a1646be640c5e4f

PE32+ executable (GUI) x86-64, for MS Windows, 4 sections

ikernel.ex_

93b63f516482715a784bbec3a0bf5f3a

MS Compress archive data, SZDD variant, original size: 614532 bytes

AsIO.dll

8128b54eaa48f9c06b19a86c87752996

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

AsIO.VXD

11a0fa714ac5f920490df59d37a3aa25

MS-DOS executable, LE executable for MS Windows (VxD)

AsIO32.sys

bfe96411cf67edb3cee2b9894b910cd5

PE32 executable (native) Intel 80386, for MS Windows, 5 sections

AsIO64.sys

798de15f187c1f013095bbbeb6fb6197

PE32+ executable (native) x86-64, for MS Windows, 5 sections

AsIoIns.exe

a7b7fae8049dfa73b8712024fafbf152

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

AsIoUnins.exe

746c04040c02537a84e9031d3aa3731f

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Version.ini

eaa1604bf47c6085f0797d6b1e4042d9

ASCII text, with CRLF line terminators

layout.bin

5ee69924cf9a10de37ca2fd2b73a3f77

data

Setup.exe

fb6674a519505cc93e28cf600bbc23a3

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Setup.ini

5476ae276d1f16e2149a694eec3ce2ea

Generic INItialization configuration [Languages]

setup.inx

037b0547518874610cdb34199b72b54a

data

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.AsIo
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.AsIo
VirusTotal	suspicious	VirusTotal - Scan result 4/52

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

q5r8g8c5.rocketcdn.me/wp-content/uploads/2016/07/TurboV_Core_1.00.Z170.zip

194.242.11.186

301 Moved Permanently

178 B

URL User Request GET HTTP/2
q5r8g8c5.rocketcdn.me/wp-content/uploads/2016/07/TurboV_Core_1.00.Z170.zip
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Certificate
IssuerLet's Encrypt
Subject*.rocketcdn.me
FingerprintDC:7C:C3:73:2C:21:2B:20:BA:58:2B:B7:B0:F6:44:DF:18:0C:54:72
ValidityMon, 26 Feb 2024 15:57:32 GMT - Sun, 26 May 2024 15:57:31 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /wp-content/uploads/2016/07/TurboV_Core_1.00.Z170.zip HTTP/1.1
Host: q5r8g8c5.rocketcdn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 14 Mar 2024 12:43:10 GMT
content-type: text/html
content-length: 178
location: https://overclocking.com/wp-content/medias/2016/07/TurboV_Core_1.00.Z170.zip
server: BunnyCDN-NO1-830
cdn-pullzone: 1682639
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 301
cdn-cachedat: 03/14/2024 12:43:10
cdn-edgestorageid: 830
link: <https://overclocking.com/wp-content/uploads/2016/07/TurboV_Core_1.00.Z170.zip>; rel="canonical"
x-powered-by: RocketCDN - b
cdn-status: 301
cdn-requestid: f526ffe8e0f939860dddc02de94d082e
cdn-cache: MISS
vary: Accept-Encoding
X-Firefox-Spdy: h2

overclocking.com/wp-content/medias/2016/07/TurboV_Core_1.00.Z170.zip

185.100.5.50

200 OK

14 MB

URL User Request GET HTTP/2
overclocking.com/wp-content/medias/2016/07/TurboV_Core_1.00.Z170.zip
IP
185.100.5.50:443
ASN
#35393 CTS Computers and Telecommunications Systems SAS

Certificate
IssuerLet's Encrypt
Subjectoverclocking.com
Fingerprint6E:B7:FC:FA:3C:E9:DB:47:78:66:B0:F5:D2:CF:13:61:F6:67:A2:7B
ValidityWed, 14 Feb 2024 22:03:56 GMT - Tue, 14 May 2024 22:03:55 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
14 MB (14536456 bytes)
Hash
b2e64075238978818d19396c62f949d3
22901e4d347902f2039fb13cdae471a9988c80af
34dd0c6ee6b87c0bd873a448f6cae3974d67b7ad3b406456a93a937e58027d88

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/52

HTTP Headers

GET /wp-content/medias/2016/07/TurboV_Core_1.00.Z170.zip HTTP/1.1
Host: overclocking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 14 Mar 2024 12:43:10 GMT
content-type: application/zip
content-length: 14536456
last-modified: Mon, 16 Aug 2021 14:32:51 GMT
etag: "611a7713-ddcf08"
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (60)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers