URLhaus Database

You are currently viewing the URLhaus database entry for http://103.89.90.94/http/wininit.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1390690
URL:	http://103.89.90.94/http/wininit.exe
URL Status:	Offline
Host:	103.89.90.94
Date added:	2021-06-23 07:25:07 UTC
Last online:	2021-06-27 12:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-06-23 07:26:04 UTC to abuse{at}vnn[dot]vn,abuse{at}vdc[dot]com[dot]vn)
Takedown time:	4 days, 5 hours, 15 minutes (down since 2021-06-27 12:41:10 UTC)
Tags:	exe Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-06-24	n/a	exe	153a5dd3cfb6e0c3839a2b3520d94134cc00a919c589ed7ad18589a10839cc1a	n/a	Loki
2021-06-24	n/a	exe	1ddaaee76ba8c071f2eceb430832b6c8ed07a5c0822ece54bd8927183dd29db8	n/a	Loki
2021-06-23	n/a	exe	5d6b7ef677711fc8e227f7c37c2e13a696fe34a4c2982f9a3d194e453eb33130	n/a	Loki
2021-06-23	n/a	exe	45ce5d0d1198fd183287729fd73b38c417180d9972d95c21dceecdf2990f6b51	n/a	Loki
2021-06-23	n/a	exe	b4727bde0f4df5ec4527cb9918d1271bc133dee24d0623576f771b7d0bae75f3	38.81%	Loki