tfccltd[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tfccltd.exe
Size

292KB
MD5

a1bfff3769a3962c5075e041c1c937b3
SHA1

2936ad4944f553277842155b0de2aa5f43d741fb
SHA256

ae8369a28b53ba7e283436a65c211ef032af555515fb961e6cb0c56c635d1834
SHA512

31eb0d602e1621b40cbc27acc85ac96eae2ab5d11d074fd13df2e08501c55bce328e75acb53ac666d4135246e018e85ac90e2a8b3099deb0d148c9e88186b7c5
SSDEEP

6144:R2IKJkxNAKuw/UdVCa/9j0vZAvwMQbttFVKIg/JcmaR:R2IKJkxNAKursa/Zoj5KIWJO

Score

N/A

Malware Config

Signatures

Files

tfccltd.exe
.exe windows x86

94968d895300f8d8e056d0ab87e2a8f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
accept
__WSAFDIsSet
select
recv
htons
inet_ntoa
getpeername
ntohs
connect
inet_addr
htonl
recvfrom
sendto
gethostname
getsockname
WSAGetLastError
ioctlsocket
bind
closesocket
listen
gethostbyname
WSACleanup
WSAStartup
send

kernel32

GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetCurrentDirectoryA
WriteFile
CreateFileA
GetEnvironmentVariableA
GetTickCount
GetUserDefaultLCID
SetWaitableTimer
FormatMessageA
Sleep
SetFileAttributesA
MoveFileA
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
LocalFree
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
GetLastError
TerminateThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateWaitableTimerA
WideCharToMultiByte
GetComputerNameA
MultiByteToWideChar
IsWow64Process
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
UnmapViewOfFile

user32

UpdateWindow
SendMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
SetWindowLongA
GetWindowRect
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
PeekMessageA
CreateDialogIndirectParamA
ShowWindow
SetForegroundWindow
SetWindowPos
GetSystemMetrics
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA

advapi32

RegOpenKeyA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
CryptAcquireContextA

winhttp

WinHttpQueryHeaders
WinHttpCheckPlatform
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpSendRequest
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpReadData

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

msvcrt

strncpy
printf
strtol
_snprintf
_stricmp
rand
srand
sscanf
abort
__dllonexit
_onexit
_strdup
free
time
isxdigit
exit
isdigit
strstr
_beginthreadex
floor
localtime
toupper
tolower
fwrite
fopen
fseek
ftell
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
_ftol
sprintf
strchr
_itoa
malloc
atoi
_atoi64
atof
realloc
modf
memmove
strncmp
__CxxFrameHandler
fclose

oleaut32

SafeArrayGetElemsize
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94968d895300f8d8e056d0ab87e2a8f1

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

winhttp

ole32

msvcrt

oleaut32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 122KB - Virtual size: 187KB

.CRT Size: 512B - Virtual size: 4B

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 122KB - Virtual size: 187KB

.CRT
Size: 512B - Virtual size: 4B