URLhaus Database

You are currently viewing the URLhaus database entry for http://103.170.254.249/document/.wininit.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1639055
URL:	http://103.170.254.249/document/.wininit.exe
URL Status:	Offline
Host:	103.170.254.249
Date added:	2021-09-22 06:02:03 UTC
Last online:	2021-10-12 03:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-09-22 06:03:03 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	19 days, 21 hours, 30 minutes (down since 2021-10-12 03:33:42 UTC)
Tags:	exe Loki opendir Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-10-12	n/a	exe	c1d9b04bca7264c76a2eae6357f6a2fc931237f374db992a926db9dd714b85c5	n/a	Loki
2021-10-11	n/a	exe	b65b34a54593add5ada0cc781f370a27c19af92ff0f2621b1539efd90a001cde	31.34%	Loki
2021-10-04	n/a	exe	736330aaa3a4683d3cc866153510763351a60062a236d22b12f4fe0f10853582	4.41%	Quakbot
2021-09-22	n/a	exe	6f81e9018b78b81e1c993dd58fd1024c771c50da29fa60f0736ec5824fcbfc08	n/a	Loki
2021-09-22	n/a	exe	135ecfd293ccd2b23f29fe2caa223df6d827ec6a11669608361e61ccee2b99e9	30.88%	Loki
2021-09-22	n/a	exe	9ee2d9fa81f867c19beae4747b32d276f5b09e325759babb78f39336f5ae23a7	36.92%	Loki