Discord_zapret_with_voice_update_2.zip?ex=670c1a18&is=670ac898&hm=a45460a10d9d539c0ceb5241aa8e20f94b70c58e3988c1feb4031d234024eeec&
First submission 2024-10-13 20:14:02
File details
| File type: | Zip archive data, at least v1.0 to extract |
| Mime type: | application/zip |
| File size: | 1388.14 KB (1421455 bytes) |
| MD5: | 18f0d6604e75324246f91cc8d0a8d011 |
| SHA1: | 30f2a96912947d2f9798e6045b804793e15413ee |
| SHA256: | f6c7f52c05982a7f9dc37b67e303efe58bc4c3cb6cbed27e0906711b0df27c81 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 3/77 VT report date: 2024-10-13 20:03:56 |
| Threat Type 1 | windivert |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/862343599593357314/1294737858065596498/Discord_zapret_with_voice_update_2.zip?ex=670c1a18&is=670ac898&hm=a45460a10d9d539c0ceb5241aa8e20f94b70c58e3988c1feb4031d234024eeec&  |
cdn.discordapp.com |
2024-10-13 20:14:02 |
Strings analysis - File found
| Binary |
| bin/tls_clienthello_www_google_com.bin |
| bin/quic_initial_www_google_com.bin |
| Text |
| list-youtube.txt |
| list-discord.txt |
| Library |
| cygwin1.dll |
| OLEAUT32.dll |
| ntdll.dll |
| ADVAPI32.dll |
| bin/WinDivert.dll |
| ole32.dll |
| KERNEL32.dll |
| bin/cygwin1.dll |
| WinDivert.dll |
| hal.dll |
| wlanapi.dll |
Strings analysis - Possible IPs found 6
| 169.254.255.255 |
| 127.255.255.255 |
| 127.0.0.1 |
| 192.168.255.255 |
| 172.31.255.255 |
| 10.255.255.255 |
Strings analysis - Possible URLs found 33
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
| http:// |
| http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0% |
| https://github.com/bol-van/zapret |
| http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
| https://howdyho.net |
| https://github.com/bol-van/zapret-win-bundlePK |
| http://ocsp.sectigo.com0H |
| https://t.me/official_xochat |
| http://crl.comodo.net/AAACertificateServices.crl0 |
| https://reqrypt.org/windivert.html |
| https://H9D$0u |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# |
| http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 |
| http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
| http://ocsp.comodoca.com0 |
| https://sectigo.com/CPS0 |
| http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v |
| https://www.microsoft.com/en-us/windows |
| http://www.microsoft.com/pkiops/Docs/Repository.htm0 |
| http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crl0 |
| http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crt0 |
| https://github.com/bol-van/zapret-win-bundle |
| http://ocsp.usertrust.com0 |
| http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0 |
| http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 |
| http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z |
| http://ocsp.sectigo.com0 |
| http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
| http://crl.comodoca.com/AAACertificateServices.crl06 |
| http://crl.comodoca.com/AAACertificateServices.crl04 |
| https:// |
| http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l |