Report - github.com/Bytrl/zips/raw/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip

Report Overview

Submitted URL
github.com/Bytrl/zips/raw/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-19 01:34:53
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	528 B	3.5 kB	140.82.121.4
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2024-04-18	539 B	18 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/Bytrl/zips/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (17572180 bytes)
Hash
fd1d297d8a05461e63d7ca438aeca320
c349badc62cbe658570b76f1133d63aa7a687189
422fe5993d6cc8a003adc3b55b5402b3d5e6a2c8038ccae8e30b6b6f1d8f250c

Archive (73)

Filename

Md5

File type

allochook-x86_64.dll

daa81711ad1f1b1f8d96dc926d502484

PE32+ executable (DLL) (console) x86-64, for MS Windows, 13 sections

AddToNewGroup.LUA

83bdbb1ba0dd3c8c5a18f125951c9325

ASCII text

affinity.lua

736a8bbd0d34eefd4c1eb6d02b2f35e2

ASCII text, with CRLF line terminators

alternateSpeedhack.LUA

69b03b6395c4c780fed5091c0b8230c3

C source, ASCII text

babyce.lua

2752eb057b40d4490c866315c6f50055

ASCII text, with CRLF line terminators

bigendian.lua

4b2ee1e7fcff5281b4f39698d8ca5a16

ASCII text

copytoclipboardastext.lua

f83c9de409b7a119a56462385ff846a5

ASCII text, with CRLF line terminators

cpuid.lua

fa2ef4f82b9bdb07a9e719ce4d8b094d

ASCII text, with CRLF line terminators

CEJVMTI.dll

b02fa5c8eefbcd010aaac97a94ff62bb

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

CEJVMTI.dll

cefc5c56720ca850ccb20faf47733bd2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

DotNetInterface.dll

ed7867296697880928f297914d80f211

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MonoDataCollector32.dll

c5b870ce07da5206d8a81e139920b7dc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

MonoDataCollector64.dll

4237719534b21bb179480ed8bb23c0cc

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

UnrealDataCollector64.dll

6184b1bdaab63f6364f9ddbdf502c63e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

dotnetinfo.lua

e1a77fa8c3e3d0b23bb4159f8e0c673c

ASCII text, with very long lines (338)

DotNetInject.lua

019537c21e839ed2dcf6372d4ee5437d

ASCII text

DotNetInterface.lua

1dce4c5122636604f6ef299e5e6d8211

ASCII text

dotnetpatch.lua

c18e49c994d019ff8f3e80025bec09ec

JavaScript source, ASCII text

dotnetsearch.lua

79aa90c390c0be62610422b6ec0eb8e1

JavaScript source, ASCII text

DotNetInfo.frm

991e56a5ca83f02c8da3354cae66f68b

XML 1.0 document, ASCII text, with very long lines (1926)

DotNetSearch.frm

27296ba069a8d9c9d50c0ba6ad506f14

XML 1.0 document, ASCII text, with very long lines (929)

frmUltimap2.FRM

4e5b77ebb18e7e86a7d9785ecffa701f

XML 1.0 document, ASCII text, with very long lines (729), with CRLF line terminators

GH_UE_Dumper.frm

0e7e06cc203efe179d5f587825be126c

XML 1.0 document, ASCII text, with very long lines (7930), with CRLF line terminators

MonoDataCollector.frm

03d4dd46084bcbe16a39d72ba22e5446

XML 1.0 document, ASCII text, with very long lines (1475), with CRLF line terminators

UnrealDataCollector64.dll

6184b1bdaab63f6364f9ddbdf502c63e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

GH_UE_Dumper.frm

0e7e06cc203efe179d5f587825be126c

XML 1.0 document, ASCII text, with very long lines (7930), with CRLF line terminators

GH-UEDumperClient.lua

ad4101439753f7cce5338439df940b57

ASCII text, with CRLF line terminators

GH-UEDumperForm.lua

704348d790c03565b227f41b49b1da5b

ASCII text, with CRLF line terminators

UE Data Collector Documentation.txt

10fb68caf921575f4aac79c8fd0a9057

ASCII text, with CRLF line terminators

UEToolDataDissectExt.lua

a41a2c02c0c3056db60b86981ced0e79

ASCII text, with CRLF line terminators

GH-UEDumperClient.lua

ad4101439753f7cce5338439df940b57

ASCII text, with CRLF line terminators

GH-UEDumperForm.lua

704348d790c03565b227f41b49b1da5b

ASCII text, with CRLF line terminators

java.lua

54151e1842473981d08c4b1b69ceb46c

ASCII text, with very long lines (312), with CRLF line terminators

javaclass.lua

e4fa493cbf4f5e932dce648a78800616

ASCII text, with CRLF line terminators

javaClassEditor.lua

96a64006f752ecd75faed81f86212f93

ASCII text, with very long lines (332), with CRLF line terminators

luahook.lua

08a55bfd1dcf6702c39bd107d350d2c9

ASCII text

luasymbols.lua

df4d243ab0407a1f03ccf448232fcf62

JavaScript source, ASCII text, with CRLF line terminators

modulelistscan.lua

ca347def8a682d2adf951c4ecbabd948

JavaScript source, ASCII text, with CRLF line terminators

monoscript.lua

76168ca68f3ed8ade110b140244efbaf

ASCII text, with CRLF line terminators

my_utilities.lua

800d10d9da30b0dfc80bd76652f51436

Unicode text, UTF-8 text, with very long lines (2921), with CRLF line terminators

patchscan.lua

f2896031568f43a7e4a7529a16f4ea12

ASCII text, with CRLF line terminators

pseudocode.lua

2be703bf1ff1ea4dd6d1eff673367e48

ASCII text, with CRLF line terminators

pseudocodediagram.lua

49c105dc0f4e732802284180722747c2

ASCII text, with very long lines (301), with CRLF line terminators

show_modules_compressed.lua

f723945716d5c27ed4c16698a2097988

ASCII text, with very long lines (962), with no line terminators

splitscanintonewtab.lua

16070ac8ae7c9e1a5dfdf5353de647bd

ASCII text

UEToolDataDissectExt.lua

a41a2c02c0c3056db60b86981ced0e79

ASCII text, with CRLF line terminators

ultimap2.lua

0343d5d130e8522727b70aeebbedd02e

ASCII text, with CRLF line terminators

xmlSimple.lua

274946677cb1fb1c63a04aeb641e21d0

ASCII text, with CRLF line terminators

Bytrl.sys

c3302362439e5f0e1cd0ad0588c85afa

PE32+ executable (native) x86-64, for MS Windows, 6 sections

lfs.dll

5e8ad34ff069b6a2e1ae00bdfe96b612

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

clone.exe

d9c04c84a6c7e04740803627891645fd

PE32+ executable (console) x86-64, for MS Windows, 6 sections

control.exe

6ae2451afa3e9cafa9aa88a3751cb24a

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

defines.lua

62e1fa241d417668f7c5da6e4009a5a6

ASCII text, with CRLF line terminators

gerye465ye4h4y.exe

c8d8e81e64630c0fdb38de2ea112d05e

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

hide.exe

5750cf9b348e5b9316f6a0c49589cbba

PE32+ executable (console) x86-64, for MS Windows, 17 sections

launch-auth.bat

5f42bcfcc61691ed10f1aaaa8e3d06b1

DOS batch file, ASCII text, with CRLF line terminators

launch-masked.bat

2c0cf59cbb5e56b97fb44e1daf1b28d5

DOS batch file, ASCII text, with CRLF line terminators

libipt-64.dll

4a3b7c52ef32d936e3167efc1e920ae6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

lua53-64.dll

b7c9f1e7e640f1a034be84af86970d45

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

luaclient-x86_64.dll

dd71848b5bbd150e22e84238cf985af0

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

main.lua

62771a63fdc87764bff87d82918ab02a

JavaScript source, ASCII text, with CRLF line terminators

mask.exe

2eb4b1fd293e2c3210fa7bd5d5ae3dc4

PE32+ executable (console) x86-64, for MS Windows, 6 sections

PsExec.exe

24a648a48741b1ac809e47b9543c6f12

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

SecurityHealthSystray-x86_64-SSE4-AVX2.exe

6f046ebbee2d18b2d2fac4167c82e625

PE32+ executable (GUI) x86-64, for MS Windows, 9 sections

speedhack-x86_64.dll

bf4355602689c0f686204f84894659ef

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

unload.exe

9af96706762298cf72df2a74213494c9

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

unload+.bat

feb69d605984e73e4f3db9ab76695a76

ASCII text, with CRLF line terminators

vehdebug-x86_64.dll

8d487547f1664995e8c47ec2ca6d71fe

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

vmdisk.img

c50b9376df81869850f0ea23dd994a16

DOS/MBR boot sector

dbghelp.dll

7a7a9cd081ab016f84249ef4f06493ad

PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

sqlite3.dll

c11138204609ea63a3e88b4c8c09b035

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

symsrv.dll

1473a9ccb67526d4010f1b0f9e6b2977

PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

winhook-x86_64.dll

f9c562b838a3c0620fb6ee46b20b554c

PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects suspicious InjectDLL keyword found in hacktools or possibly unwanted applications

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	github.com/Bytrl/zips/raw/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip	140.82.121.4	302 Found	0 B
URL User Request GET HTTP/2 github.com/Bytrl/zips/raw/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip IP 140.82.121.4:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /Bytrl/zips/raw/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Fri, 19 Apr 2024 01:34:20 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With access-control-allow-origin: location: https://raw.githubusercontent.com/Bytrl/zips/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: E1D0:3B9AAB:249BB79B:24E70AA4:6621CA1B X-Firefox-Spdy: h2

	raw.githubusercontent.com/Bytrl/zips/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip	185.199.110.133	200 OK	18 MB
URL User Request GET HTTP/2 raw.githubusercontent.com/Bytrl/zips/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip IP 185.199.110.133:443 ASN #54113 FASTLY Certificate IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 18 MB (17572180 bytes) Hash fd1d297d8a05461e63d7ca438aeca320 c349badc62cbe658570b76f1133d63aa7a687189 422fe5993d6cc8a003adc3b55b5402b3d5e6a2c8038ccae8e30b6b6f1d8f250c HTTP Headers GET /Bytrl/zips/664eea8ace048e7e9f3a18c3549a83dc23fd3771/bin.zip HTTP/1.1 Host: raw.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK cache-control: max-age=300 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: application/zip etag: W/"d0c03f2c1cf0679f98c77ed3d4ec510c3df004c4a62610550f72f731e6b04c22" strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block x-github-request-id: D584:2C793C:774ECB:7C38E5:6621CA1C accept-ranges: bytes date: Fri, 19 Apr 2024 01:34:21 GMT via: 1.1 varnish x-served-by: cache-hel1410029-HEL x-cache: MISS x-cache-hits: 0 x-timer: S1713490460.213393,VS0,VE1570 vary: Authorization,Accept-Encoding,Origin access-control-allow-origin: cross-origin-resource-policy: cross-origin x-fastly-request-id: ef252a970fb718c16947b51adce943e63c9d44e0 expires: Fri, 19 Apr 2024 01:39:21 GMT source-age: 1 content-length: 17572180 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (73)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers