URLhaus Database

You are currently viewing the URLhaus database entry for http://103.167.92.21/ProgramFile/.wininit.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2045141
URL:	http://103.167.92.21/ProgramFile/.wininit.exe
URL Status:	Offline
Host:	103.167.92.21
Date added:	2022-02-16 09:20:06 UTC
Last online:	2022-02-23 06:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2022-02-17 17:11:39 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	5 days, 13 hours, 40 minutes (down since 2022-02-23 06:52:14 UTC)
Tags:	exe Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-02-20	n/a	exe	202b1ecd1c331be4b90e20c22e219ab05cdf07795d221a79cdf583aae1458326	n/a	Loki
2022-02-18	n/a	exe	ffe823abb3c806772c54f94db204bbb85891f2b4ec638fea125f17bd11ccec16	n/a	Loki
2022-02-18	n/a	exe	8e5deff48aade01bd88316b0ab63aea8ace103e876ab762100aa2104fe144d63	n/a	Loki
2022-02-17	n/a	exe	5aa086a62fca673bf6db0c029ca7dbe0126f1c286a6cee61fe74bc6db590a7e3	n/a	Loki
2022-02-17	n/a	exe	58540b0c7fa89e78f3a5c8f47beda3c43dd1a960ecd732ebc5ec203711d812ce	n/a	Loki
2022-02-16	n/a	exe	acfc080f5af723cf8d3fb03a0dc7d73ef4ea51248a09ff35b06fe93c5d800019	42.86%	Loki