URLhaus Database

You are currently viewing the URLhaus database entry for http://visam.info/update_vbase/VOKLIGHT.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1364815
URL: http://visam.info/update_vbase/VOKLIGHT.exe
URL Status:flame Online (spreading malware for 5 years, 0 months, 8 days, 3 hours, 2 minutes)
Host: visam.info
Date added:2021-06-14 11:04:06 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: zbetcheckin
Abuse complaint sent (?): Yes (2021-10-08 06:41:40 UTC to abuse{at}oneandone[dot]net)
Tags:32 exe RedLineStealer link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-03-25VOKLIGHT.exeexe 7ac04efc79e4db1a0363e3fdf7de933f23077b52c70f7d3f5ef8986c60391009n/a 
2025-04-30VOKLIGHT.exeexe 23af26bf42f28b75211c8d423d87c17e66e3c6517b8277381a3d114d520a0e35n/a 
2022-03-31n/aexe eedc351dc950fc4330da4f64dbc3005e96e692a86f20df79421adfa5cacd29f0n/a
2022-03-29n/aexe 39d358dbd10e46f9f16a4df0ff75ba181c1a111ef25f26fad631e1681b5321ecn/a 
2022-03-27n/aexe 307efac9beb7bf9e2e6f6cee019143c12b536969aa25a4cb3f46a0a14dbb3240n/a
2022-03-21n/aexe 646c6e6f4880caa931892f6aa4c1a4ae7067adb1944a4918dee9672f65225512n/a 
2022-03-11n/aexe 0d1ffbdb141fc8e67945ad6afcf1adae0e5fc84d4686931558b8e2e847f942b8n/a 
2021-09-29n/aexe a9c16d705760f6907ab1e39fb0d2e809fed1b72ec45b1224f4a562af732d3209n/a RedLineStealer
2021-06-14n/aexe 648071554a71aeab1671abf122cdd67da6f356853ae322534394de276b10034dVirustotal results 18.84%