Malware, PUP or FP?

See: https://www.virustotal.com/en/url/2cacd2e9248fa6e2910a8e5f79337be7c6d66321ff8517f8233058522e5326f4/analysis/1379358983/
and
https://www.virustotal.com/en/file/b0c0671584ff6c85df7dabe9928e9c15ba4a705d5b4fb75cf9cf4c6f59cb1c7a/analysis/1379341235/
Misused server?
IDS alerted here: http://urlquery.net/report.php?id=5445387
119 domains on same IP: http://support.clean-mx.de/clean-mx/viruses
Non-detected here: http://app.webinspector.com/public/reports/17145490
and see: http://processchecker.com/file/RootBlade3.exe.html

polonus

http://sitecheck.sucuri.net/results/zteblade3.com

This file looks clean.

Hi jefferson santiag,

It is not that straightforward an answer: http://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/
and this message link from Kyle Creyts: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2012-March/001429.html
The application used on the website has many vulnerabilities to be abused: http://seclists.org/fulldisclosure/2012/May/94
So establishing the true nature of the content-type: application/x-msdownload is not that easy.
The site may now be clean but certainly had issues in the past or may still have.

polonus