Report - mva1.androidfilehost.com/dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool

Report Overview

Submitted URL
mva1.androidfilehost.com/dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool_v3.31.zip
IP
51.81.56.103
ASN
#16276 OVH SAS
Submitted
2024-05-09 19:29:36
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mva1.androidfilehost.com	unknown	2011-07-27	2022-04-07	2023-07-03	557 B	12 MB	51.81.56.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
mva1.androidfilehost.com/dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool_v3.31.zip
IP
51.81.56.103
ASN
#16276 OVH SAS

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
12 MB (12129339 bytes)
Hash
88b94ed96007d78c4805e8a4d0cad481
804e592b696fce5af0801b24b987a564db30190a
6102dd6c610ab456aaf79d71d634b972d12b81084c9480e4e6ef0cf797f71bca

Archive (37)

Filename

Md5

File type

7za.exe

2e3309647ce678ca313fe3825a57ccb9

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

7zax64.exe

81fcdc5ba90fb5f6fca1d123cbe8c0d8

PE32+ executable (console) x86-64, for MS Windows, 5 sections

adb.exe

9ce50faf6c6a778a0b5d31da0475af74

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

AdbWinApi.dll

ed5a809dc0024d83cbab4fb9933d598d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

AdbWinUsbApi.dll

0e24119daf1909e398fa1850b6112077

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

cyggcc_s-1.dll

d6c813d4571c2957ba9e5bc652f80966

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 10 sections

cygusb-1.0.dll

db1ea9f7283b51edb4414d123003b5f5

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

cygwin1.dll

26dc9423dabf300185c57fc9aee36a38

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 13 sections

linux-adk.exe

1c08bd098ca2da6b5c8bd0fd3bf8d37a

PE32 executable (console) Intel 80386, for MS Windows, 15 sections

d.exe

16c15504e09238d54b3de2ad016db5f2

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

libusb-1.0_x86.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusb0.dll

f6a47e2a46c778b7ab915dfadf2c6e06

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

libusb0.sys

c7d21310ea0a644aa6394de1e46e3d31

PE32+ executable (native) x86-64, for MS Windows, 7 sections

libusb0_x86.dll

8574627d4a5415c36176bf4ab9058183

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

libusbK.dll

97470a3e5505f6fdec57fa1e4126052e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

libusbK.sys

ada2d34031c8981d8a31089733ebff0d

PE32+ executable (native) x86-64, for MS Windows, 7 sections

libusbK_x86.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

WdfCoInstaller01009.dll

4da5da193e0e4f86f6f8fd43ef25329a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

winusbcoinstaller2.dll

246900ce6474718730ecd4f873234cf5

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

install_x64.exe

70d0952dd1ea25b26f6c22570efd1576

PE32+ executable (console) x86-64, for MS Windows, 7 sections

install_x86.exe

4f8370912c09da1119e822d294ac74b6

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

SAMSUNG_Android.cat

c2d76f7be6872f7eb5f3e8a6b6722589

DER Encoded PKCS#7 Signed Data

SAMSUNG_Android.inf

9545e0c0d709c0a8c026e0b622b63134

Unicode text, UTF-16, little-endian text, with CRLF line terminators

libusb0.dll

8574627d4a5415c36176bf4ab9058183

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

libusb0.sys

b716d4d759663bc4174fd0a379da8e50

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

libusb0_x86.dll

f498d8337f2d393232b7140dc287f5ff

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusbK.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusbK.sys

3081c6c34049d16d519b3b23776312e3

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

WdfCoInstaller01009.dll

a9970042be512c7981b36e689c5f3f9f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

winusbcoinstaller2.dll

8e7b9f81e8823fee2d82f7de3a44300b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

FacRst.apk

11bb9ced2c96362f96fc043f3c5cff79

Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate

fix.tar

d41d8cd98f00b204e9800998ecf8427e

frp.bin

e4276f6d395264b80b73d91ea4ae7f3f

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (GNU/Linux)

L.apk

12cc147a0fc426b193d0c349e8f8b481

Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate

SamFwFRPTool.exe

c82314720e12a99a70b7f911ba4c8642

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SamFwFRPTool.exe.config

0bdb5c2f814e27606445c4fdff22036d

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

settings.ini

89b197619519646297db192fda3c1b23

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 2/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

mva1.androidfilehost.com/dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool_v3.31.zip

51.81.56.103

200 OK

12 MB

URL User Request GET HTTP/1.1
mva1.androidfilehost.com/dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool_v3.31.zip
IP
51.81.56.103:443
ASN
#16276 OVH SAS

Certificate
IssuerGlobalSign nv-sa
Subject*.androidfilehost.com
FingerprintB7:31:B7:F4:D6:B1:A4:BE:AB:2A:C9:53:58:B7:BE:A1:92:1F:F9:91
ValidityMon, 01 May 2023 16:31:53 GMT - Sat, 01 Jun 2024 16:31:52 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
12 MB (12129339 bytes)
Hash
88b94ed96007d78c4805e8a4d0cad481
804e592b696fce5af0801b24b987a564db30190a
6102dd6c610ab456aaf79d71d634b972d12b81084c9480e4e6ef0cf797f71bca

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/63

HTTP Headers

GET /dl/lZXiyiEJvz497W0Avz_6JA/1715369313/14871746926876835679/SamFw_Tool_v3.31.zip HTTP/1.1
Host: mva1.androidfilehost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: nginx/1.14.0
date: Thu, 09 May 2024 19:29:02 GMT
content-type: application/zip
content-length: 12129339
last-modified: Tue, 11 Oct 2022 19:50:54 GMT
etag: "6345c91e-b9143b"
content-disposition: attachment; filename=SamFw_Tool_v3.31.zip
accept-ranges: bytes
set-cookie: 443_mVA1_androidfilehost_com_=3bee3c91ad5b2dd089efb51e4615afaefae00bbd; path=/

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (37)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers