Suspicious
Suspect

39e768eb955cd06d1913400b2ef761de

ZIP Archive
|
MD5: 39e768eb955cd06d1913400b2ef761de
|
Size: 12.75 MB
|
application/zip

Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
39e768eb955cd06d1913400b2ef761de
Sha1
1e6cb37293300f481ebdd45256efa3c00890c88b
Sha256
4f9c2b3bac41ddf540d8f057173dba89bc8bec6b52822710667d9975f9059249
Sha384
71fc793935c2afb81e22bb8f7eceb727181fdc6d97a5cc4e13b5bbe66f7a73982541c3411cd73874852220bcde3f50c7
Sha512
e09eda28db7ca5e3b50681e5e9558f32ce0f56b21210f682a8bf7920d0768db42149a34f2dc886fce04b8e870cee4c1a9ef88ee0d8a315e6e2ebf7127102f6c0
SSDeep
393216:zqAr0RKyBJfwlb9CRZYzT/uH2ESl+2XZnfyAIKqdifFJS4:zl0RKyfficRGzTdXZnfyAbqdUS4
TLSH
2AD633A3732DB36ADB11DAF730E32D118EB1F6E196EB0451E29167F4E40B4E6A7501E0
File Structure
39e768eb955cd06d1913400b2ef761de
frp_0.60.0-HAYFRP_windows_amd64
frpc.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
frpc.exe
0x00867275.svg
frpc.toml
frps.exe
[Base64-Block@0x009C30A8]
[Base64-Block-Decoded]
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
frps.toml
LICENSE
Artefacts
Name
 Value
URLs in VB Code - #1

http://chunkednosniffCreatedIM
URLs in VB Code - #2

https://api.hayfrp.org/bytes.Buffer
URLs in VB Code - #3

https://github.com/fatedier/frp
URLs in VB Code - #4

https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
URLs in VB Code - #5

https://github.com/quic-go/quic-go/wiki/LoggingDisabling
URLs in VB Code - #6

https://github.com/spf13/cobra/issues/1279
URLs in VB Code - #7

https://github.com/spf13/cobra/issues/1508
URLs in VB Code - #8

http://www.w3.org/2000/svg
URLs in VB Code - #9

https://vuejs.org/error-reference/#runtime-$
URLs in VB Code - #10

http://www.w3.org/1998/Math/MathML
URLs in VB Code - #11

http://www.w3.org/1999/xlink
URLs in VB Code - #12

https://element-plus.org/en-US/component/button.html#button-attributes
URLs in VB Code - #13

https://element-plus.org/en-US/component/menu.html#submenu-attributes
URLs in VB Code - #14

https://element-plus.org/en-US/component/switch.html#attributes
URLs in VB Code - #1

https://H9
URLs in VB Code - #2

https://H
URLs in VB Code - #3

http://chunkednosniffCreatedIM
URLs in VB Code - #4

https://api.hayfrp.org/reflectlite.Value.IsNilreflect.Value.Interfacereflect.Value.NumMethodDestroyEnvironmentBlockindex
URLs in VB Code - #5

https://accounts.google.commismatch
URLs in VB Code - #6

https://api.hayfrp.org/NodeAPIregex
URLs in VB Code - #7

https://api.hayfrp.org/NodeAPI?type=userlogin&utoken=
URLs in VB Code - #8

https://api.hayfrp.org/NodeAPI?type=GetNodeName&token=https://api.hayfrp.org/NodeAPI?type=checkonline&token=fmt
URLs in VB Code - #9

https://protobuf.dev/reference/go/faq#namespace-conflicttype
URLs in VB Code - #10

https://github.com/fatedier/frp
URLs in VB Code - #11

https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
URLs in VB Code - #12

https://github.com/quic-go/quic-go/wiki/LoggingDisabling
URLs in VB Code - #13

https://github.com/spf13/cobra/issues/1279
URLs in VB Code - #14

https://github.com/spf13/cobra/issues/1508
URLs in VB Code - #15

https://api.rcov.top/api/v1/acg?source=fj&json=false
URLs in VB Code - #16

https://learn.hayfrp.org
URLs in VB Code - #17

https://www.hayfrp.org
URLs in VB Code - #18

http://www.w3.org/2000/svg
URLs in VB Code - #19

https://vuejs.org/error-reference/#runtime-$
URLs in VB Code - #20

http://www.w3.org/1998/Math/MathML
URLs in VB Code - #21

http://www.w3.org/1999/xlink
URLs in VB Code - #22

https://element-plus.org/en-US/component/button.html#button-attributes
URLs in VB Code - #23

https://element-plus.org/en-US/component/dialog.html#slots
URLs in VB Code - #24

https://element-plus.org/en-US/component/dialog.html#attributes
URLs in VB Code - #25

https://element-plus.org/en-US/component/menu.html#submenu-attributes
URLs in VB Code - #26

https://element-plus.org/en-US/component/switch.html#attributes
URLs in VB Code - #27

https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
39e768eb955cd06d1913400b2ef761de (12.75 MB)
File Structure
39e768eb955cd06d1913400b2ef761de
frp_0.60.0-HAYFRP_windows_amd64
frpc.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
frpc.exe
0x00867275.svg
frpc.toml
frps.exe
[Base64-Block@0x009C30A8]
[Base64-Block-Decoded]
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
frps.toml
LICENSE
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

http://chunkednosniffCreatedIM

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #2

https://api.hayfrp.org/bytes.Buffer

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #3

https://github.com/fatedier/frp

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #4

https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #5

https://github.com/quic-go/quic-go/wiki/LoggingDisabling

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #6

https://github.com/spf13/cobra/issues/1279

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #7

https://github.com/spf13/cobra/issues/1508

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #8

http://www.w3.org/2000/svg

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #9

https://vuejs.org/error-reference/#runtime-$

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #10

http://www.w3.org/1998/Math/MathML

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #11

http://www.w3.org/1999/xlink

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #12

https://element-plus.org/en-US/component/button.html#button-attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #13

https://element-plus.org/en-US/component/menu.html#submenu-attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #14

https://element-plus.org/en-US/component/switch.html#attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frpc.exe
URLs in VB Code - #1

https://H9

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #2

https://H

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #3

http://chunkednosniffCreatedIM

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #4

https://api.hayfrp.org/reflectlite.Value.IsNilreflect.Value.Interfacereflect.Value.NumMethodDestroyEnvironmentBlockindex

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #5

https://accounts.google.commismatch

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #6

https://api.hayfrp.org/NodeAPIregex

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #7

https://api.hayfrp.org/NodeAPI?type=userlogin&utoken=

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #8

https://api.hayfrp.org/NodeAPI?type=GetNodeName&token=https://api.hayfrp.org/NodeAPI?type=checkonline&token=fmt

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #9

https://protobuf.dev/reference/go/faq#namespace-conflicttype

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #10

https://github.com/fatedier/frp

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #11

https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #12

https://github.com/quic-go/quic-go/wiki/LoggingDisabling

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #13

https://github.com/spf13/cobra/issues/1279

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #14

https://github.com/spf13/cobra/issues/1508

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #15

https://api.rcov.top/api/v1/acg?source=fj&json=false

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #16

https://learn.hayfrp.org

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #17

https://www.hayfrp.org

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #18

http://www.w3.org/2000/svg

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #19

https://vuejs.org/error-reference/#runtime-$

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #20

http://www.w3.org/1998/Math/MathML

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #21

http://www.w3.org/1999/xlink

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #22

https://element-plus.org/en-US/component/button.html#button-attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #23

https://element-plus.org/en-US/component/dialog.html#slots

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #24

https://element-plus.org/en-US/component/dialog.html#attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #25

https://element-plus.org/en-US/component/menu.html#submenu-attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #26

https://element-plus.org/en-US/component/switch.html#attributes

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
URLs in VB Code - #27

https://github.com/ecomfe/zrender/blob/master/LICENSE.txt

39e768eb955cd06d1913400b2ef761de > frp_0.60.0-HAYFRP_windows_amd64 > frps.exe
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙