hfs.exe

First submission 2024-09-30 03:08:05

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2121.0 KB (2171904 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 9e8557e98ed1269372ff0ace91d63477
SHA1: d0c4192b65e36553f6fd2b83f3123f6ae8380dac
SHA256: e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c
Import Hash: eb58f6a65d91e853b4dcfa5f6c10386b
Sections (9): .text, .itext, .data, .bss, .idata, .tls, .rdata, .reloc, .rsrc
Directories (4): import, resource, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 23/77
VT report date: 2024-09-30 03:06:51
Malware Type (3): trojan, pua, virus
Threat Type (2): server, httpfileserver

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://103.43.18.71:88/hfs.exe | 103.43.18.71 | 2024-09-30 03:08:05

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1766b8 1533952 f272ea55d625fe6bb9ef782f9da9c07e538efb31 3f942d6c37616e0d8d9ac5fd5876e441
.itext 0x178000 0x1e64 8192 95a8e8c0097a803b01235ff5405220b166a5bddf f4582be31f56c88cbd18ab7ba9099d38
.data 0x17a000 0x8c94 36352 5daf3f8c98c2ca6add023bd50291dfdea45e5802 9f9a41de15042165e91ffa796cbd7dc1
.bss 0x183000 0xd974 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x191000 0x3966 14848 c8202bb324d7439122bbb0066f92f0547443d1e5 87db3a2d95e6a0a244ebc9dc6a2f460d
.tls 0x195000 0x44 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x196000 0x45 512 0dccd04164e1a529de90d5d4821b0f1d779c55c5 c7f385b277b29965aeda94ad0884eccc
.reloc 0x197000 0x15764 88064 99bd8a0526fca5790255ac3c9c92fb65bafc32cf eec81278c172ce8dcc7aa4a87e5d3dd7
.rsrc 0x1ad000 0x77600 488960 67f202f9e1467066137b83794a436f5460d1b2fd e474116bbf0bad0c701fe37e23c3c0d9

PE Resources 13

Name Language Sublanguage Offset Size Data
GIF LANG_ENGLISH SUBLANG_ENGLISH_US 0x1aea00 6046
TEXT LANG_ENGLISH SUBLANG_ENGLISH_US 0x1ced90 292
UNICODEDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x1f69ac 5317
RT_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x1f85ac 308
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0x1fa21c 224
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x201374 1384
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0x201930 82
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x208f08 724
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x223a88 763
RT_GROUP_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x223dfc 20
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x223e10 62
RT_VERSION LANG_ITALIAN SUBLANG_ITALIAN 0x223e50 792
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x224168 671

Meta infos 11

LegalCopyright: Copyright (C) 2002-2010 Massimo Melina (www.rejetto.com)
InternalName: HFS
FileVersion: 2.3.0.0
CompanyName: rejetto
LegalTrademarks:
Comments:
ProductName: Http File Server
ProductVersion: 2.3
FileDescription:
Translation: 0x0410 0x04e4
OriginalFilename: hfs.exe

Packers detected 3

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0

Anti debug functions 7

FindWindowA
GetLastError
GetWindowThreadProcessId
OutputDebugStringA
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Binary
hfs-dump.bin
Log
hfs.log
Enable macros.log
Append macros.log
Temporary
HFS last update check.tmp
hfs~%d.tmp
%s~%d.tmp
test.tmp
hfs script.tmp
Linker File
\HFS.lnk
\target.lnk
hfs.*;*.htm*;descript.ion;*.comment;*.md5;*.corrupted;*.lnk
\hfs.*;*.htm*;descript.ion;*.comment;*.md5;*.corrupted;*.lnk
Text
*.txt
http://www.rejetto.com/hfs/hfs.updateinfo.txt
/robots.txt
hfs.comments.txt
hfs.updateinfo.txt
http://www.rejetto.com/sw/license.txt
Text File|*.txt
hfs.ips.txt
Library
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
UxTheme.dll
OLEAUT32.dll
PSAPI.DLL
COMCTL32.dll
ole32.dll
IMM32.dll
USER32.dll
MAPI32.dll
WSOCK32.dll
KERNEL32.dll
riched32.dll
WINMM.dll
ntdll.dll
COMDLG32.dll
ADVAPI32.dll
vcltest3.dll
GDI32.dll
SHELL32.dll
MSIMG32.dll
VERSION.dll
WS2_32.dll
Web Page
http://hfsservice.rejetto.com/ipservices.php

Strings analysis - Possible IPs found 3

0.0.0.1
255.255.255.255
127.0.0.1

Strings analysis - Possible URLs found 29


Import functions