Report - gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

Report Overview

Visited public
2025-01-18 15:40:02
Tags
Submit Tags
URL
gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.62.136
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gsmclassic.com	336231	2021-07-04	2021-07-04	2025-01-13	519 B	14 MB	172.67.136.47

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip
IP
172.67.136.47
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
14 MB (13469084 bytes)
Hash
f6d231163bfb5891b934376f87f1db2e
b30c89588a77e370ef2bf5d621a3953be9abf434
95f12837d4b823e565b533115c84bf158bc3d13022cb691bb30e077856d08160

Archive (36)

Filename

Md5

File type

7za.exe

2e3309647ce678ca313fe3825a57ccb9

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

7zax64.exe

81fcdc5ba90fb5f6fca1d123cbe8c0d8

PE32+ executable (console) x86-64, for MS Windows, 5 sections

adb.exe

58098ebe7867b0accbbcec74792d8cdf

PE32 executable (console) Intel 80386, for MS Windows, 7 sections

AdbWinApi.dll

ed5a809dc0024d83cbab4fb9933d598d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

AdbWinUsbApi.dll

0e24119daf1909e398fa1850b6112077

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

cyggcc_s-1.dll

d6c813d4571c2957ba9e5bc652f80966

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 10 sections

cygusb-1.0.dll

db1ea9f7283b51edb4414d123003b5f5

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

cygwin1.dll

26dc9423dabf300185c57fc9aee36a38

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 13 sections

linux-adk.exe

1c08bd098ca2da6b5c8bd0fd3bf8d37a

PE32 executable (console) Intel 80386, for MS Windows, 15 sections

d.exe

16c15504e09238d54b3de2ad016db5f2

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

libusb-1.0_x86.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusb0.dll

f6a47e2a46c778b7ab915dfadf2c6e06

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

libusb0.sys

c7d21310ea0a644aa6394de1e46e3d31

PE32+ executable (native) x86-64, for MS Windows, 7 sections

libusb0_x86.dll

8574627d4a5415c36176bf4ab9058183

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

libusbK.dll

97470a3e5505f6fdec57fa1e4126052e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

libusbK.sys

ada2d34031c8981d8a31089733ebff0d

PE32+ executable (native) x86-64, for MS Windows, 7 sections

libusbK_x86.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

WdfCoInstaller01009.dll

4da5da193e0e4f86f6f8fd43ef25329a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

winusbcoinstaller2.dll

246900ce6474718730ecd4f873234cf5

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

install_x64.exe

70d0952dd1ea25b26f6c22570efd1576

PE32+ executable (console) x86-64, for MS Windows, 7 sections

install_x86.exe

4f8370912c09da1119e822d294ac74b6

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

SAMSUNG_Android.cat

c2d76f7be6872f7eb5f3e8a6b6722589

DER Encoded PKCS#7 Signed Data

SAMSUNG_Android.inf

9545e0c0d709c0a8c026e0b622b63134

Unicode text, UTF-16, little-endian text, with CRLF line terminators

libusb0.dll

8574627d4a5415c36176bf4ab9058183

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

libusb0.sys

b716d4d759663bc4174fd0a379da8e50

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

libusb0_x86.dll

f498d8337f2d393232b7140dc287f5ff

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusbK.dll

3935ec3158d0e488da1929b77edd1633

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

libusbK.sys

3081c6c34049d16d519b3b23776312e3

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

WdfCoInstaller01009.dll

a9970042be512c7981b36e689c5f3f9f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

winusbcoinstaller2.dll

8e7b9f81e8823fee2d82f7de3a44300b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

FacRst.apk

11bb9ced2c96362f96fc043f3c5cff79

Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate

fix.tar

d41d8cd98f00b204e9800998ecf8427e

frp.bin

e4276f6d395264b80b73d91ea4ae7f3f

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (GNU/Linux)

L.apk

12cc147a0fc426b193d0c349e8f8b481

Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate

SamFirms Tool.exe

d491bf246779f35310effe4f65e54bf7

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Samsung USB Driver.url

411c3fa4277439319027d9c35d390bc9

MS Windows 95 Internet shortcut text (URL=<https://gsmclassic.com/samsung-usb-driver/>), ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/35

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

172.67.136.47

200 OK

14 MB

URL User Request GET HTTP/2
gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip
IP
172.67.136.47:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgsmclassic.com
Fingerprint4E:D5:1D:AF:23:17:AA:73:2C:95:68:D4:42:E7:92:F0:BD:BA:F0:7F
ValidityFri, 17 Jan 2025 01:46:47 GMT - Thu, 17 Apr 2025 02:39:55 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
14 MB (13469084 bytes)
Hash
f6d231163bfb5891b934376f87f1db2e
b30c89588a77e370ef2bf5d621a3953be9abf434
95f12837d4b823e565b533115c84bf158bc3d13022cb691bb30e077856d08160

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/35

HTTP Headers

GET /download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip HTTP/1.1
Host: gsmclassic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 15:39:27 GMT
content-type: application/zip
content-length: 13469084
etag: "cd859c-674adb87-562352;;;"
last-modified: Sat, 30 Nov 2024 09:31:51 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mO0Ipc9P7bWXFJwB5rmMevJCHhlhlhAM1FAA0Xg6aa1eZWrGs1WhSWVoJf88EJ12Dwy%2FAIjWmMnqLghfIZkkTne6B4vzMWcR2xGr5lZBaVjSH4EMBoJZLyDZv4hGx%2Blcow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 903fad819855b4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=7629&min_rtt=571&rtt_var=11913&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1281&delivery_rate=2535901&cwnd=254&unsent_bytes=0&cid=1380c858ce0679ac&ts=1139&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (36)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers