URLhaus Database

You are currently viewing the URLhaus database entry for http://85.209.11.204/api/files/software/s5.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2728027
URL:	http://85.209.11.204/api/files/software/s5.exe
URL Status:	Offline
Host:	85.209.11.204
Date added:	2023-11-05 19:17:10 UTC
Last online:	2024-01-22 07:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-11-05 19:18:07 UTC to abuse{at}changway[dot]hk)
Takedown time:	2 months, 17 days, 12 hours, 9 minutes (down since 2024-01-22 07:27:54 UTC)
Tags:	32 Amadey exe gcleaner

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-11-09	n/a	exe	654a855dd88cbd6f1ef23e4c2bb2aadd4eff4f7faa97c9b8a5641525b7dd3128	n/a	OnlyLogger
2023-11-09	n/a	exe	a15d5f6ce3181574e73196dfb63eae98688e1f2d8946a0fce1513703d5a78b26	41.67%	GCleaner
2023-11-09	n/a	exe	43ade4ab5d5109846c6bc6dbe0c18839be832c15dcd9e9af09fe25e24023d417	n/a	OnlyLogger
2023-11-09	n/a	exe	783b4f927f6d2f17b24b74f3f6bc4dd456a7139f3b40021c5209f3dbd7d226dd	n/a	OnlyLogger
2023-11-09	n/a	exe	10b1c07cdb1fcf27d73392369141b77671472db7494b7234314c3db3a7a10a79	n/a	OnlyLogger
2023-11-09	n/a	exe	5b921064515dd6c58be1c126e4d6c66636b9f062b7d09797db7d90d016e3b7e1	n/a	OnlyLogger
2023-11-09	n/a	exe	e356c60ae2982ac2153ec396a30dacdf3cc18f8768f7af770058ce6e687a58f7	n/a	OnlyLogger
2023-11-09	n/a	exe	1334738a9dfb2c03f9187565d8184f2edbc5e38828616fa4e51fc3b7fcc13967	n/a	Amadey
2023-11-08	n/a	exe	61e2c0eb8b87b2cff74eeb9d9ad3c8a91e792b3618d9bd57f96232b70337b7fb	42.86%	GCleaner
2023-11-08	n/a	exe	6ad08772fe24c8e8252c89d137b287f1a5d715ad8aa8ca874060bc50c805fca6	n/a	OnlyLogger
2023-11-08	n/a	exe	26a1b055423bd5b2a7c53cfc9c0c89edae097470cc31af7fdebeec1ef5900061	n/a	OnlyLogger
2023-11-08	n/a	exe	ff5aeb5103313d392845609efc82ffda2f0253f8606e1ba98ffc1b0e4d7f916e	n/a	OnlyLogger
2023-11-08	n/a	exe	0dfd3ccc21caf71d4d43b6bbb7d88ef337d7470b2ca87f6dc4f224cec549e285	n/a	OnlyLogger
2023-11-08	n/a	exe	0c466ace1a70c223d25ebf65e87cb2167e8552b164361c4726012918df14d8e1	n/a	OnlyLogger
2023-11-05	n/a	exe	7d22a507a20ecd7b99cbc2688a29770874f407ca0276e08621fc4a969820cfce	44.44%	OnlyLogger