popup

Report - 645d85f10366f.zip

ZIP Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.05.12 09:43 Machine s1_win7_x6402
Filename 645d85f10366f.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not founds Behavior Score
0.8
ZERO API file : clean
VT API (file)
md5 e5e14d83b8c78f4ef66ec2fa554ddada
sha256 532dbb190b2a5e48dbd26ceaa2592d28c4d6a26d8bbdf03fb7fbafc404689808
ssdeep 49152:6Q6J3WM202p5GutgAJuIxyxWCIZsS85PWZ5FvcBg:p89i7JDmWgzP+Ug
imphash
impfuzzy
  Network IP location

Signature (2cnts)

Level Description
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (6cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://geo.netsupportsoftware.com/location/loca.asp
whois
GB British Telecommunications PLC 62.172.138.67 clean
http://89.22.237.94:5222/http://89.22.237.94/fakeurl.htm
whois
TR M247 Ltd 89.22.237.94 clean
geo.netsupportsoftware.com
whois
GB British Telecommunications PLC 62.172.138.67 clean
blahadfurtik.com
whois
TR M247 Ltd 89.22.237.94 mailcious
89.22.237.94
whois
TR M247 Ltd 89.22.237.94 mailcious
62.172.138.67
whois
GB British Telecommunications PLC 62.172.138.67 clean

Suricata ids

ET INFO NetSupport Remote Admin Checkin
ET POLICY NetSupport GeoLocation Lookup Request
ET INFO NetSupport Remote Admin Response

Similarity measure (PE file only) - Checking for service failure