Report - file.order-master.com/OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip

Report Overview

Submitted URL
file.order-master.com/OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip
IP
144.48.140.18
ASN
#135343 Cross Geminis Limited
Submitted
2024-05-04 18:06:04
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
file.order-master.com	unknown	2014-04-25	2019-03-22	2024-01-26	571 B	8.6 MB	144.48.140.18
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-03	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
file.order-master.com/OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip
IP
144.48.140.18
ASN
#135343 Cross Geminis Limited

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
8.6 MB (8641922 bytes)
Hash
7d3f65f884833f404ee243c2421e13bf
a59f47c9e57a66165e26ad91f92e1cd659dc4686
4f76072f1dc3f4396255a0671bf9fd932f1dff83a958f9dd8bd12bbee9099aa0

Archive (13)

Filename

Md5

File type

CapitalReg32.bat

bdeba4d71cd6a453d53ed81469038cf5

DOS batch file, ASCII text, with CRLF line terminators

CTSecuritiesATL.dll

d4e0be62dc7eb3ab2cb2c6fa01c00367

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Interop.SKCOMLib.dll

3f974d5f52b6e08e7ed63e4b1a5ae0be

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

libsolclient.dll

1426e716b4ce13ae65b70502bf27a07a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

OrderAPI-006.dll

d035e970870cd18f73689441080e283c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SKCOM.dll

fda2a103b9efde387370c26c25784f8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

SKCOMTester.exe

92952e3d74c87f3b82fb1790dc53d483

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SKTradeLib.dll

42af238f7d1e2f86d4a6202d391f4e65

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Start.txt

336d5ebc5436534e61d16e63ddfca327

very short file (no magic)

UnCapitalReg32.bat

acefd0e61d3780dfe19972655bb3574b

DOS batch file, ASCII text, with CRLF line terminators

vcredist_x86.exe

b88228d5fef4b6dc019d69d4471f23ec

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

�s�q-�w�˻��.ppt

1dc912c02941652400670f1d689d5c5a

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 950, Title: v 1, Author: Linsf0717, Template: Blends, Last Saved By: Windows , Revision Number: 2334, Name of Creating Application: Microsoft Office PowerPoint, Total Editing Time: 6d+20:36:26, Create Time/Date: Sat Jan 24 12:46:21 2009, Last Saved Time/Date: Tue Jul 3 09:18:16 2018, Number of Words: 585

�s�q��s��-20230415(�ФŧR��).txt

7b52c777f3faca66ef6aa486e9cdabce

ISO-8859 text, with no line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	win_amadey_bytecodes_oct_2023
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	file.order-master.com/OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip	144.48.140.18	200 OK	8.6 MB
URL User Request GET HTTP/2 file.order-master.com/OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip IP 144.48.140.18:443 ASN #135343 Cross Geminis Limited Certificate IssuerDigiCert Inc Subjectfile.order-master.com Fingerprint48:12:85:1E:8A:0F:85:E7:77:8E:BD:5C:59:51:97:04:0C:90:5E:3B ValiditySun, 14 Jan 2024 00:00:00 GMT - Thu, 13 Feb 2025 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 8.6 MB (8641922 bytes) Hash 7d3f65f884833f404ee243c2421e13bf a59f47c9e57a66165e26ad91f92e1cd659dc4686 4f76072f1dc3f4396255a0671bf9fd932f1dff83a958f9dd8bd12bbee9099aa0 HTTP Headers GET /OMDownLoad/AllAPI/%E7%BE%A4%E7%9B%8A-%E5%A4%96%E6%8E%9B%E7%A8%8B%E5%BC%8F%E5%A5%97%E4%BB%B6.zip HTTP/1.1 Host: file.order-master.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK content-type: application/zip last-modified: Sun, 31 Dec 2023 07:13:12 GMT accept-ranges: bytes content-length: 8641922 date: Sat, 04 May 2024 18:05:37 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" X-Firefox-Spdy: h2`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=XenXdxKvXlEgippizctnKmdmJjkCAteICK8NJ6nDssJ8jnaMLtqwoNlCjRouYibKp1flcJPMuvfRbAhIQn_OUpUrR-xl313C4gIqLcQdsBIyckeiH-z24qgF9IgNVFUW strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Sat, 04 May 2024 18:05:49 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 6 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers