Report - gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

Report Overview

Visitedpublic

2025-01-18 15:40:02

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
gsmclassic.com	336231	2021-07-04	2021-07-04	2025-01-13	519 B	14 MB	172.67.136.47

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

IP / ASN

172.67.136.47

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size14 MB (13469084 bytes)

MD5f6d231163bfb5891b934376f87f1db2e

SHA1b30c89588a77e370ef2bf5d621a3953be9abf434

SHA25695f12837d4b823e565b533115c84bf158bc3d13022cb691bb30e077856d08160

Archive (36)

Modified	Filename	Size	MD5	File type
2022-06-12 00:36	7za.exe	692 kB	2e3309647ce678ca313fe3825a57ccb9	PE32 executable (console) Intel 80386, for MS Windows, 5 sections
2022-06-12 00:36	7zax64.exe	1.1 MB	81fcdc5ba90fb5f6fca1d123cbe8c0d8	PE32+ executable (console) x86-64, for MS Windows, 5 sections
2022-04-30 10:39	adb.exe	6.0 MB	58098ebe7867b0accbbcec74792d8cdf	PE32 executable (console) Intel 80386, for MS Windows, 7 sections
2022-04-30 10:39	AdbWinApi.dll	98 kB	ed5a809dc0024d83cbab4fb9933d598d	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
2022-04-30 10:39	AdbWinUsbApi.dll	63 kB	0e24119daf1909e398fa1850b6112077	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	cyggcc_s-1.dll	112 kB	d6c813d4571c2957ba9e5bc652f80966	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 10 sections
2022-05-25 13:15	cygusb-1.0.dll	142 kB	db1ea9f7283b51edb4414d123003b5f5	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections
2022-05-25 13:15	cygwin1.dll	3.3 MB	26dc9423dabf300185c57fc9aee36a38	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 13 sections
2022-05-25 13:15	linux-adk.exe	262 kB	1c08bd098ca2da6b5c8bd0fd3bf8d37a	PE32 executable (console) Intel 80386, for MS Windows, 15 sections
2022-06-04 16:25	d.exe	686 kB	16c15504e09238d54b3de2ad016db5f2	PE32 executable (console) Intel 80386, for MS Windows, 5 sections
2022-05-25 13:15	libusb-1.0_x86.dll	170 kB	3935ec3158d0e488da1929b77edd1633	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	libusb0.dll	76 kB	f6a47e2a46c778b7ab915dfadf2c6e06	PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections
2022-05-25 13:15	libusb0.sys	52 kB	c7d21310ea0a644aa6394de1e46e3d31	PE32+ executable (native) x86-64, for MS Windows, 7 sections
2022-05-25 13:15	libusb0_x86.dll	46 kB	8574627d4a5415c36176bf4ab9058183	PE32 executable (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	libusbK.dll	238 kB	97470a3e5505f6fdec57fa1e4126052e	PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections
2022-05-25 13:15	libusbK.sys	47 kB	ada2d34031c8981d8a31089733ebff0d	PE32+ executable (native) x86-64, for MS Windows, 7 sections
2022-05-25 13:15	libusbK_x86.dll	170 kB	3935ec3158d0e488da1929b77edd1633	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	WdfCoInstaller01009.dll	1.7 MB	4da5da193e0e4f86f6f8fd43ef25329a	PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections
2022-05-25 13:15	winusbcoinstaller2.dll	1.0 MB	246900ce6474718730ecd4f873234cf5	PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections
2022-05-25 13:15	install_x64.exe	802 kB	70d0952dd1ea25b26f6c22570efd1576	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-05-25 13:15	install_x86.exe	649 kB	4f8370912c09da1119e822d294ac74b6	PE32 executable (console) Intel 80386, for MS Windows, 6 sections
2022-05-25 13:15	SAMSUNG_Android.cat	7.4 kB	c2d76f7be6872f7eb5f3e8a6b6722589	DER Encoded PKCS#7 Signed Data
2022-05-25 13:15	SAMSUNG_Android.inf	7.9 kB	9545e0c0d709c0a8c026e0b622b63134	Unicode text, UTF-16, little-endian text, with CRLF line terminators
2022-05-25 13:15	libusb0.dll	46 kB	8574627d4a5415c36176bf4ab9058183	PE32 executable (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	libusb0.sys	43 kB	b716d4d759663bc4174fd0a379da8e50	PE32 executable (native) Intel 80386, for MS Windows, 6 sections
2022-05-25 13:15	libusb0_x86.dll	68 kB	f498d8337f2d393232b7140dc287f5ff	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	libusbK.dll	170 kB	3935ec3158d0e488da1929b77edd1633	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	libusbK.sys	42 kB	3081c6c34049d16d519b3b23776312e3	PE32 executable (native) Intel 80386, for MS Windows, 6 sections
2022-05-25 13:15	WdfCoInstaller01009.dll	1.5 MB	a9970042be512c7981b36e689c5f3f9f	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 13:15	winusbcoinstaller2.dll	851 kB	8e7b9f81e8823fee2d82f7de3a44300b	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2022-05-25 12:25	FacRst.apk	1.6 MB	11bb9ced2c96362f96fc043f3c5cff79	Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate
2022-06-04 18:10	fix.tar	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-04-30 10:39	frp.bin	11 kB	e4276f6d395264b80b73d91ea4ae7f3f	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (GNU/Linux)
2022-06-04 19:50	L.apk	832 kB	12cc147a0fc426b193d0c349e8f8b481	Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate
2022-06-18 04:16	SamFirms Tool.exe	54 MB	d491bf246779f35310effe4f65e54bf7	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2022-09-04 11:34	Samsung USB Driver.url	68 B	411c3fa4277439319027d9c35d390bc9	MS Windows 95 Internet shortcut text (URL=<https://gsmclassic.com/samsung-usb-driver/>), ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/35

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

172.67.136.47

200 OK

14 MB

URL User Request GET HTTPS

gsmclassic.com/download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip

IP / ASN

172.67.136.47

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v1.0 to extract, compression method=store

First Seen2024-03-06

Last Seen2025-01-18

Times Seen4

Size14 MB (13469084 bytes)

MD5f6d231163bfb5891b934376f87f1db2e

SHA1b30c89588a77e370ef2bf5d621a3953be9abf434

SHA25695f12837d4b823e565b533115c84bf158bc3d13022cb691bb30e077856d08160

Certificate Info

IssuerGoogle Trust Services

Subjectgsmclassic.com

Fingerprint4E:D5:1D:AF:23:17:AA:73:2C:95:68:D4:42:E7:92:F0:BD:BA:F0:7F

ValidityFri, 17 Jan 2025 01:46:47 GMT - Thu, 17 Apr 2025 02:39:55 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/35

HTTP Headers

GET /download/tools/samfirm/SamFirms+FRP+Tool+2.7.1.zip HTTP/1.1
Host: gsmclassic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 15:39:27 GMT
content-type: application/zip
content-length: 13469084
etag: "cd859c-674adb87-562352;;;"
last-modified: Sat, 30 Nov 2024 09:31:51 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mO0Ipc9P7bWXFJwB5rmMevJCHhlhlhAM1FAA0Xg6aa1eZWrGs1WhSWVoJf88EJ12Dwy%2FAIjWmMnqLghfIZkkTne6B4vzMWcR2xGr5lZBaVjSH4EMBoJZLyDZv4hGx%2Blcow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 903fad819855b4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=7629&min_rtt=571&rtt_var=11913&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1281&delivery_rate=2535901&cwnd=254&unsent_bytes=0&cid=1380c858ce0679ac&ts=1139&x=0"
X-Firefox-Spdy: h2