» files_telefoontool.exe
Overview
Analysis
File Details
Downloads (12)

files_telefoontool.exe

This is a setup program which is used to install the application.

File name:

MD5:

565c17ce13e76b06fdcb2fa960b064ef

SHA-1:

41d400ca2cebb1e92bbb40628da33cf6cfd6f6d0

SHA-256:

92afb2eabde6a0c58d30b65137919bad3f1821dde319e5bb37abd6dd5c4def0a

Scanner detections:

5 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

12/26/2024 3:20:44 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Packed/FSG

7.1.1

IKARUS anti.virus

not-a-virus.Hacktool.Nokia

t3scan.2.2.29

Quick Heal

(Suspicious) - DNAScan

2.14.12.00

Rising Antivirus

PE:Trojan.Win32.Generic.12B538F8!313866488

23.00.65.14207

ViRobot

JS.A.Pakes.389947

2011.4.7.4223

File size:

380.8 KB (389,947 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\im\identities\{85c2a1fb-3642-4fda-89dd-1151d3e206d6}\message store\messages\1\{dc275acc-0122-4aec-85dc-6b256da36862}\attachments\files_telefoontool.exe

File PE Metadata

Compilation timestamp:

2/7/2004 6:26:28 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:rQG7UqHCgRwVFRwuQTP6qSj0FP76XCYqjms3PXfABTCY/09MbN6nJ+ydl:rBIEClHReSqhFP7+q3fCx/0CN6nJ+yX

Entry address:

0x4048

Entry point:

83, EC, 0C, 53, 55, 56, 57, C7, 44, 24, 10, E8, 91, 40, 00, 33, DB, C6, 44, 24, 14, 20, FF, 15, 2C, 70, 40, 00, 53, FF, 15, 90, 72, 40, 00, BE, 00, A4, 42, 00, BF, 00, 04, 00, 00, 56, 57, A3, A8, 3F, 42, 00, FF, 15, D8, 70, 40, 00, E8, 8D, FF, FF, FF, 8B, 2D, A4, 70, 40, 00, 85, C0, 75, 21, 68, FB, 03, 00, 00, 56, FF, 15, D4, 70, 40, 00, 68, A4, 92, 40, 00, 56, FF, D5, E8, 6A, FF, FF, FF, 85, C0, 0F, 84, 57, 01, 00, 00, BE, 20, 37, 42, 00, 56, FF, 15, 80, 70, 40, 00, 68, 98, 92, 40, 00, 56, E8, B4, 28, 00... 
[+]

Code size:

23.5 KB (24,064 bytes)

The file files_telefoontool.exe has been seen being distributed by the following 12 URLs.

temp:NokiaFREE_v310_Setup.exe

http://www.bytesendclear.com/mj4Us8YdamjWt7wrrqx3cK_EA3qbRva8NHTyDHbVV4BXNtcGPzgytzhpMP9F 3mJYkYt5JCie_FqiH7t8c0VCT1GlbrZAPLCU7eQv0P8VwEUJbazVQMhuUoJwxWNyKtU_FAeWuS4aQH4VSS6aqw 6leHxvOthGozpLFvC2u9EsHMCS1zk Y9t8G8ujiNq P2QpMUhaaV2J_qo2TpsSL8QS0KMWz2FqRHIpo6HMDW4ySVfMx2pC3byU_7Ih8ZG52dgnnUOho8ERJPpUYPbyZUVQtMMmF8tZ3kfZruUz8CocirNufrUT6U9uSZhAL8gZPmOFCMcPAG66lG 21drz3c3yV0gMzCT6XbzLQgmsMc9QWgzBEJJvzI8b34H4kHC8J04nbgRW1ubtTLVFhlZL0wWNRtLwFbrpA02EiM4eQEUMkUx7l6YxREDLQNbpGAO2XBa neiToaEyem3rNPFe4DrxMTJ3k4Yt2W3Ilj5fUJzPWksi0SOcqMqltIdZaq0AEeEr3UVXfwkruslQynB12LeHgv7fkFFuwZQSDdkrtmxrRnFNSnedw5AbdYTrUdPjmlCr8XFOXzbSna_0QshmdyXP5M4J3cnAdGBFHwzWuiu8jLOB2yJdM=-G3oAAORNd17qc0fQM_6QJmE2HbZB08npQfnf5ZBASCGHgeY2do6IokQv8jZWogK5L_ZIrq5W486F_aU9WqTpVhrnuCvIgo_panw9TB6mrA5gxwGD8cETtY6kg8XBWs4iY3aUXwA=

http://dla.uloz.to/Ps;Hs;fid=55820056;cid=1707216351;rid=1591501133;up=0;uip=83.31.145.223;tm=1482167015;ut=f;aff=zachowajto.pl;did=ulozto-pl;He;ch=bc779b7a787fc883e5eab977ff545d14;Pe/.../nokiafree-v310-setup-exe?bD&c=1707216351&De

about:internet

http://www.lo4d.com/get-file/nokiafree-unlock-codes-calculator/.../

https://alldebrid.com/service.php?link=http://.../5pgpeyz2t97x &auto=1&ssl=true

temp:NokiaFREEUnlockCalculator_downloader_by_NokiaFREEUnlockCalculator.exe

http://www.lo4d.com/get-file/nokiafree-unlock-codes-calculator/.../

http://download799.mediafire.com/vdiqe9ps4rag/.../NokiaFREE_v310_Setup.exe

https://bitbucket.org/Flashingfiles/maqsood/.../NokiaFREE_v310_Setup.exe

http://www.telefoon-unlock.com/.../download.php

http://unlock.nokiafree.org/NokiaFREEUnlockCalculator_downloader_by_NokiaFREEUnlockCalculator.exe

Scan files_telefoontool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.