PHacking - TFM.exe

PHacking - TFM

This is a setup program which is used to install the application. The file has been seen being downloaded from fs07n3.sendspace.com and multiple other hosts.
Product:
PHacking - TFM

Version:
1.0.0.0

MD5:
00ac3b05e6ed6ff54cc048b942882426

SHA-1:
c17eba200a7544e6fc2504cc82405fc1751aacaf

SHA-256:
37684a575428a4b07facb24480c5ea61a81731951ef01a6209a9283fe5372720

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/26/2024 12:31:43 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

File size:
1.2 MB (1,223,680 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
PHacking - TFM.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\phacking - tfm.exe

File PE Metadata
Compilation timestamp:
1/18/2016 2:51:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:BnjOI+Qw+MHD21NEMxphzWm8POCeekAZnEGSxPLff1jjtrOxFrWA49M3PME4AeE0:lPMHD21zS2tZK+6

Entry address:
0x5D0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
15.5 KB (15,872 bytes)

The file PHacking - TFM.exe has been seen being distributed by the following 27 URLs.

https://fs07n3.sendspace.com/dl/8ca41a3f8683bb6095543f9a756924db/57b0ad1417b1c88e/.../PHacking - TFM.exe

https://fs07n5.sendspace.com/dl/d76c2b767c90b75ad25f2d5d5235d20d/5861b27225b70415/.../PHacking - TFM.exe

https://fs07n1.sendspace.com/dl/d0bf4854a6c281791f1ac976d138fbec/5765989a4d7d230e/.../PHacking - TFM.exe

https://fs07n4.sendspace.com/dl/e070f2bbda8da38751f42b6ed680a09b/58420f4807fd8eb2/.../PHacking - TFM.exe

https://fs07n4.sendspace.com/dl/3572b263c200f95437312b4958913d4e/57d579a32e503ae3/.../PHacking - TFM.exe

https://fs07n2.sendspace.com/dl/4bf8757cdc5baf79f2c894c569cea74e/57091f494afe730c/.../PHacking - TFM.exe

https://fs07n4.sendspace.com/dl/209758541a6b485041f2a893f7971c79/5727978c4a6af3c1/.../PHacking - TFM.exe

https://fs07n4.sendspace.com/dl/885b15c860cc2241ef2268007fce2f69/5791348e6f7c3ab9/.../PHacking - TFM.exe

https://fs07n2.sendspace.com/dl/21a65080b9c7b3f7f49e02cf4d303736/57714f2d416f814c/.../PHacking - TFM.exe

Scan PHacking - TFM.exe - Powered by Reason Core Security