URLhaus Database

You are currently viewing the URLhaus database entry for http://wuhanwangzhan.com/wp-content/LWfMxhb/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 431183
URL: http://wuhanwangzhan.com/wp-content/LWfMxhb/
URL Status: Offline
Host: wuhanwangzhan.com
Date added: 2020-08-12 17:59:38 UTC
Last online: 2020-08-14 07:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-08-12 18:00:03 UTC to abuse{at}tencent[dot]com, abuse{at}qq[dot]com, jsquare{at}tencent[dot]com, dreamsruan{at}tencent[dot]com)
Takedown time: 1 day, 13 hours, 30 minutes, Poor (down since 2020-08-14 07:31:02 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
