Tcpview[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Tcpview.exe
Size

1.3MB
MD5

126d1dba7efc0faed18afa036fb0468b
SHA1

fe58c79cc3b5d11d9c1fbf53db1e0d726c94c491
SHA256

adb8b6cfb9633759f3a08ecb160790aaa6a733d5671991c21a5a28deafbeef26
SHA512

a3c32b7b4961c13c4fafb1b71b123bf4d0ecdfc4087912429019fb63aaf17f132ae2c58135f2ea8d64643966e99a28c89fc67c6256e9dafcb310049ab6951ad9
SSDEEP

24576:a4zvFYvS8i38HEMlagTFUKhVobD8FjJ7D25OD6wdRkPHpFFFLChKMdDBbwngXAY8:ei3+EMltTFUKhVouv25yBXkPHpFFFOhI

Score

N/A

Malware Config

Signatures

Files

Tcpview.exe
.exe windows x86

d1a671a4801a60e1a4a029d2b64a6739

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:b8:4c:4b:b1:6e:a6:47:64:e1:46:d2:9d:bd:fe:77:a9:cb:24:ee:23:db:ef:84:ad:f5:76:3b:d2:01:04:3f
Signer

Actual PE Digest

5f:b8:4c:4b:b1:6e:a6:47:64:e1:46:d2:9d:bd:fe:77:a9:cb:24:ee:23:db:ef:84:ad:f5:76:3b:d2:01:04:3f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20/01/2023, 15:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
TrySubmitThreadpoolCallback
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatEx
CreateDirectoryW
SetThreadPriority
SetPriorityClass
lstrcmpW
DecodePointer
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
CreateThread
TerminateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
MapViewOfFileEx
VirtualAlloc
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
CreateFileMappingW
SetFilePointer
GetFileSize
DebugBreak
VirtualQuery
VirtualFree
FindClose
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
VirtualProtect
WriteConsoleW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
ReadConsoleW
SetLastError

user32

GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
LoadStringA
LoadIconW
EnableWindow
AppendMenuW
UnhookWindowsHookEx
MessageBoxW
SetRectEmpty
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
RemoveMenu
SetMenuDefaultItem
MessageBeep
GetCursorPos
MonitorFromPoint
WindowFromPoint
GetWindowThreadProcessId
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
CheckMenuRadioItem
LockWindowUpdate
CallNextHookEx
LoadStringW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
DestroyIcon
DrawFrameControl
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
CopyRect
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetClientRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetParent
SetWindowLongW
GetWindowLongW

gdi32

SetBrushOrgEx
CreatePatternBrush
CreateBitmap
CreateDIBSection
Polyline
ExcludeClipRect
GetCurrentObject
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
SetViewportOrgEx
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
PatBlt
ExtTextOutW
SetBkColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseFontW

advapi32

ControlTraceW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
CloseTrace
ProcessTrace
OpenTraceW
RegCloseKey
StartTraceW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ExtractIconExW
SHGetStockIconInfo
ExtractIconW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
socket
send
WSAGetLastError
htons
connect
closesocket
ntohs
getaddrinfo
freeaddrinfo
WSAStartup
GetNameInfoW
recv

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a671a4801a60e1a4a029d2b64a6739

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5f:b8:4c:4b:b1:6e:a6:47:64:e1:46:d2:9d:bd:fe:77:a9:cb:24:ee:23:db:ef:84:ad:f5:76:3b:d2:01:04:3fSigner

Signature Validations

Verification

20/01/2023, 15:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

version

dwmapi

iphlpapi

ws2_32

tdh

Sections

.text Size: 733KB - Virtual size: 733KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 17KB - Virtual size: 25KB

.detourc Size: 14KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 423KB - Virtual size: 423KB

.reloc Size: 35KB - Virtual size: 35KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5f:b8:4c:4b:b1:6e:a6:47:64:e1:46:d2:9d:bd:fe:77:a9:cb:24:ee:23:db:ef:84:ad:f5:76:3b:d2:01:04:3f
Signer

20/01/2023, 15:38
Valid: false

.text
Size: 733KB - Virtual size: 733KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 17KB - Virtual size: 25KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 423KB - Virtual size: 423KB

.reloc
Size: 35KB - Virtual size: 35KB