Static task: static1
Behavioral task: behavioral1
Sample: tfccltd.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: tfccltd.exe
Resource: win10v2004-20220721-en
General
Target: tfccltd.exe
Size: 292KB
MD5: a1bfff3769a3962c5075e041c1c937b3
SHA1: 2936ad4944f553277842155b0de2aa5f43d741fb
SHA256: ae8369a28b53ba7e283436a65c211ef032af555515fb961e6cb0c56c635d1834
SHA512: 31eb0d602e1621b40cbc27acc85ac96eae2ab5d11d074fd13df2e08501c55bce328e75acb53ac666d4135246e018e85ac90e2a8b3099deb0d148c9e88186b7c5
SSDEEP: 6144:R2IKJkxNAKuw/UdVCa/9j0vZAvwMQbttFVKIg/JcmaR:R2IKJkxNAKursa/Zoj5KIWJO
Files
tfccltd.exe.exe windows x86
94968d895300f8d8e056d0ab87e2a8f1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
socket
accept
__WSAFDIsSet
select
recv
htons
inet_ntoa
getpeername
ntohs
connect
inet_addr
htonl
recvfrom
sendto
gethostname
getsockname
WSAGetLastError
ioctlsocket
bind
closesocket
listen
gethostbyname
WSACleanup
WSAStartup
send
kernel32
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetCurrentDirectoryA
WriteFile
CreateFileA
GetEnvironmentVariableA
GetTickCount
GetUserDefaultLCID
SetWaitableTimer
FormatMessageA
Sleep
SetFileAttributesA
MoveFileA
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
LocalFree
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
GetLastError
TerminateThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateWaitableTimerA
WideCharToMultiByte
GetComputerNameA
MultiByteToWideChar
IsWow64Process
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
UnmapViewOfFile
user32
UpdateWindow
SendMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
SetWindowLongA
GetWindowRect
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
PeekMessageA
CreateDialogIndirectParamA
ShowWindow
SetForegroundWindow
SetWindowPos
GetSystemMetrics
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
advapi32
RegOpenKeyA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
CryptAcquireContextA
winhttp
WinHttpQueryHeaders
WinHttpCheckPlatform
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpSendRequest
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpReadData
ole32
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
msvcrt
strncpy
printf
strtol
_snprintf
_stricmp
rand
srand
sscanf
abort
__dllonexit
_onexit
_strdup
free
time
isxdigit
exit
isdigit
strstr
_beginthreadex
floor
localtime
toupper
tolower
fwrite
fopen
fseek
ftell
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
_ftol
sprintf
strchr
_itoa
malloc
atoi
_atoi64
atof
realloc
modf
memmove
strncmp
__CxxFrameHandler
fclose
oleaut32
SafeArrayGetElemsize
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 122KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE