» hfs262_rus.exe
Overview
Analysis
File Details
Network (1)

hfs262_rus.exe

Http File Server

rejetto

The application hfs262_rus.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. While running, it connects to the Internet address 2ip.ru on port 80 using the HTTP protocol.

File name:

hfs262_rus.exe

Publisher:

rejetto

Product:

Http File Server

Version:

2.3.0.0

MD5:

da6c9d7867dd21f9142fd3e8f4ff20e1

SHA-1:

720937a4e8a77b850c0adf181ada82d5ba25b67f

SHA-256:

4452ae3ab2455f49d10d05ce35c2c5ae1be76b07871a99f6d6b00690a5b24a93

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:14:53 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Server-Web

7.1.1

Avira AntiVirus

SPR/hfs.O

7.11.123.254

avast!

Win32:PUP-gen [PUP]

2014.9-140108

Baidu Antivirus

HackTool.Win32.SFH

4.0.3.1418

Bkav FE

W32.HfsAutoB

1.3.0.4613

ESET NOD32

Win32/Server-Web.HFS (variant)

8.9262

Fortinet FortiGate

W32/Server_Web_HFS.A

1/8/2014

Kaspersky

not-a-virus:Server-FTP.Win32.SFH

14.0.0.4495

McAfee

Artemis!DA6C9D7867DD

5600.7256

NANO AntiVirus

Riskware.Win32.HFS.oxvxw

0.28.0.57029

Norman

Suspicious_Gen2.NSZHK

11.20140108

Sophos

Generic PUA HC

4.96

File size:

2.5 MB (2,626,560 bytes)

Product version:

2.3

Original file name:

hfs.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hfs262_rus.exe

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:25kD3D2Sm+hyaTtUE3+6iMyNed80YjiGIp/Tvu7qvy0OcLnD1Z:25kDlm+hyaTyW+XTNS8MpSs

Entry address:

0x187F10

Entry point:

55, 8B, EC, 83, C4, D8, 53, 33, C0, 89, 45, E8, 89, 45, EC, B8, CC, 4D, 58, 00, E8, F7, FB, E7, FF, 8B, 1D, 50, 19, 59, 00, 33, C0, 55, 68, A8, 80, 58, 00, 64, FF, 30, 64, 89, 20, A1, 94, 15, 59, 00, 8B, 00, C7, 40, 14, 2C, 4C, 58, 00, 6A, 11, E8, BA, 08, E8, FF, 0F, BF, C0, F6, C4, 80, 75, 6C, A1, 94, 15, 59, 00, 8B, 00, BA, C0, 80, 58, 00, E8, 25, 32, F2, FF, 84, C0, 75, 30, A1, 94, 15, 59, 00, 8B, 00, 8B, 48, 0C, 8D, 45, EC, BA, D8, 80, 58, 00, E8, 82, D9, E7, FF, 8B, 45, EC, 33, C9, BA, 10, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

1.5 MB (1,598,976 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 2ip.ru (188.40.74.9:80)

Remove hfs262_rus.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.