URLhaus Database

You are currently viewing the URLhaus database entry for http://178.16.55.189/files/6331503294/Gdh7tSv.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3611357
URL: http://178.16.55.189/files/6331503294/Gdh7tSv.exe
URL Status: Offline
Host: 178.16.55.189
Date added: 2025-08-25 14:15:10 UTC
Last online: 2025-08-29 02:XX:XX UTC
Threat: Malware download
Reporter: c2hunter
Abuse complaint sent: Yes (2025-08-25 14:16:14 UTC to abuse{at}metaspinner[dot]net, info{at}metaspinner[dot]net)
Takedown time: 3 days, 11 hours, 48 minutes (Bad; down since 2025-08-29 02:04:28 UTC)
Tags: c2-monitor-auto, dropped-by-amadey

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
