URLhaus Database

You are currently viewing the URLhaus database entry for http://aidasign.de/QLh0/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:2964
URL:http://aidasign.de/QLh0/
URL Status:Offline
Host:aidasign.de
Date added:2018-04-05 17:13:16 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@JAMESWT_MHT
Abuse complaint sent (?):No
Tags:emotet

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-04-118281.exeexe052e0c68d31fff49ba327afe8525e01a77f049f0f80efb90d92e693ca253b4efVirustotal results 48 / 68 (70.59)Heodo
2018-04-078281.exeexe052e0c68d31fff49ba327afe8525e01a77f049f0f80efb90d92e693ca253b4efVirustotal results 26 / 67 (38.81)Heodo
2018-04-0612809.exeexef56eb65ecf74010886fea5537a789a50e185ba78eb647d2f5c5ce9f417f0278fVirustotal results 13 / 67 (19.40)Heodo
2018-04-066378.exeexe2961c1675a7923efa753427cb6a38069df3ab2239383d6edd8726e42a0837932n/aHeodo
2018-04-067183.exeexedd19e544ce60070bd6f17d9e895809b31df3514cae50017d4c780c7eca4df06cVirustotal results 12 / 67 (17.91)Heodo
2018-04-0613286.exeexe1696862ba3df3b5f79d3bb8c1e4a237c9bf788cef705583b2d2f9136cdeb2b32Virustotal results 10 / 66 (15.15)Heodo
2018-04-059220.exeexec5d9e95da0775f89abb4818c372f0ba1b85381e40b03f7c87e916c3d9976caf9Virustotal results 14 / 67 (20.90)Heodo
2018-04-0516705.exeexe86e95c669de733d27aa9b1978fdac08e50e4aed27accd91f39f99b0d81f4ce45Virustotal results 14 / 67 (20.90)Heodo
2018-04-0553260.exeexe84e70b81100d647fb56e7a0c23e54f05a22c4e34de663158f1bb3139c5d53294Virustotal results 13 / 66 (19.70)