URLhaus Database

You are currently viewing the URLhaus database entry for http://sylvaclouds.eu/uzmod03/uzmod03.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 330450
URL: http://sylvaclouds.eu/uzmod03/uzmod03.exe
URL Status: Offline
Host: sylvaclouds.eu
Date added: 2020-03-26 16:16:18 UTC
Last online: 2020-04-02 13:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Blocked
Cloudflare: Blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: shotgunner101
Abuse complaint sent: Yes (2020-03-26 16:18:03 UTC to eig-abuse{at}endurance[dot]com)
Takedown time: 6 days, 20 hours, 44 minutes (Bad; down since 2020-04-02 13:02:51 UTC)
Tags: exe Formbook link payload stage2

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2020-03-31 | n/a | exe | 7f215acd5afa9a8a6996e6bd0cf1232a3b1d496b43a742557baf173873078689 | Virustotal results 32.88% | | |
| 2020-03-30 | n/a | exe | 25332c42e2c0f04cd54bc45cafecdea965580892cdfddecd3ba430bd376486fb | n/a | | |
| 2020-03-30 | n/a | exe | 25332c42e2c0f04cd54bc45cafecdea965580892cdfddecd3ba430bd376486fb | n/a | | |
| 2020-03-30 | n/a | exe | 97b1ac03b8a2bd094bd3f69252a75ffc6b49cdf77be1264509e6d27c8653d9d7 | n/a | | |
| 2020-03-26 | n/a | exe | eb3e94888d5e945faf0b570acc1b2a4652f1b92940e8ac1cd62ff756d39aa1a0 | n/a | | FormBook |
| 2020-03-26 | n/a | exe | 963f30c948b2665ec147154fefe3102bda2072999210a646efedbbb1fc6335ef | Virustotal results 45.83% | | |