iphone4_hacktivate_tool.exe

i-ekb.ru

The executable iphone4_hacktivate_tool.exe, “iPhone4_Hacktivate_Tool 1.00 Installation”, has been detected as malware by 7 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ing-negative.persiangig.com and multiple other hosts.
Publisher:
i-ekb.ru

Description:
iPhone4_Hacktivate_Tool 1.00 Installation

Version:
1.00

MD5:
4da03ed1e01ff2af4a76f0d4c21b442f

SHA-1:
38dc16e8d7e776ba3b966b65925ebe60de09d3fa

SHA-256:
2eb6e6bcff0e087e71bab3403d8486224fd7ccbebff9464077e04aff663f6796

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/24/2024 10:45:06 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Agent.8271615 | 7.11.145.12 |
| AVG | Win32/DH | 2015.0.3494 |
| McAfee | Artemis!4DA03ED1E01F | 5600.7150 |
| Norman | Suspicious_Gen4.FUTSQ | 11.20140424 |
| Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015 |
| Total Defense | Win32/Jorik.KJ | 37.0.10895 |
| Trend Micro House Call | TROJ_GEN.F47V1231 | 7.2.114 |

File size:
7.9 MB (8,271,615 bytes)

Copyright:
i-ekb.ru

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\iphone4_hacktivate_tool.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:cK/lNKxgPCYOGs1sctAtRm9Wd02X6IwtgwpTUPtCsz:DNFPCYZo2OWd0+0pIVCsz

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9968

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file iphone4_hacktivate_tool.exe has been seen being distributed by the following 24 URLs.
