tcpview64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tcpview64.exe
Size

1.7MB
MD5

06022baeddac003989d75eee785e59d5
SHA1

e85dc6f20f1148b7ac9b9b8fb5297493f0338ad4
SHA256

912446bc6d54d26a08fc5623cba7290673301a1eddf04c0a25ba48886c191143
SHA512

4b15655df3c89d7e974902595ade9cad91f8c2e201bea2b9e5d109b0be2e6dff659eec102f03fee366e0d64ed2ed906ca8eec10fb37cfd0efb9b7a5c05e385d7
SSDEEP

24576:9FLErZgRJNlafphMoLXROH89vQ8oF6/D1F4+8KkN+VtFFFLChKMdDBbG:KgbNlaf57RfoFg1F41atFFFOhKMdDB

Score

1^/10

Malware Config

Signatures

Files

tcpview64.exe
.exe windows x64

66ae11d7536b16a1f01462617f63dcc2

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:5f:4d:cc:85:e8:c0:d0:27:40:27:a5:9d:8a:70:17:57:6b:12:8a:6b:29:92:e9:7b:6a:9f:a4:c9:fa:7e:f0
Signer

Actual PE Digest

3c:5f:4d:cc:85:e8:c0:d0:27:40:27:a5:9d:8a:70:17:57:6b:12:8a:6b:29:92:e9:7b:6a:9f:a4:c9:fa:7e:f0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExA
TrySubmitThreadpoolCallback
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatEx
CreateDirectoryW
SetThreadPriority
SetPriorityClass
lstrcmpW
DecodePointer
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
CreateThread
TerminateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
WriteConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
ReadConsoleW
MapViewOfFileEx
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
CreateFileMappingW
SetFilePointer
GetFileSize
DebugBreak
VirtualQuery
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
VirtualProtect
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
PeekConsoleInputA
SetLastError

user32

GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
DrawFrameControl
DrawEdge
RegisterWindowMessageW
LoadStringA
AppendMenuW
EnableWindow
MonitorFromPoint
UnhookWindowsHookEx
SetRectEmpty
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
RemoveMenu
SetMenuDefaultItem
MessageBeep
GetCursorPos
LoadIconW
WindowFromPoint
GetWindowThreadProcessId
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
CheckMenuRadioItem
MessageBoxW
SetWindowsHookExW
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
GetMessageW
GetClassNameW
SetClassLongPtrW
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetClientRect
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW

gdi32

SetBrushOrgEx
CreatePatternBrush
CreateBitmap
CreateDIBSection
Polyline
ExcludeClipRect
GetCurrentObject
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetBkColor
ExtTextOutW
SetViewportOrgEx
PatBlt
SetBkMode
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseFontW

advapi32

ControlTraceW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
CloseTrace
ProcessTrace
OpenTraceW
RegCloseKey
StartTraceW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ExtractIconExW
SHGetStockIconInfo
ExtractIconW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
socket
send
WSAGetLastError
htons
connect
closesocket
ntohs
getaddrinfo
freeaddrinfo
WSAStartup
GetNameInfoW
recv

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ae11d7536b16a1f01462617f63dcc2

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

3c:5f:4d:cc:85:e8:c0:d0:27:40:27:a5:9d:8a:70:17:57:6b:12:8a:6b:29:92:e9:7b:6a:9f:a4:c9:fa:7e:f0Signer

Signature Validations

Verification

23/03/2023, 16:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

version

dwmapi

iphlpapi

ws2_32

tdh

Sections

.text Size: 932KB - Virtual size: 931KB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 21KB - Virtual size: 32KB

.pdata Size: 52KB - Virtual size: 51KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 423KB - Virtual size: 423KB

.reloc Size: 8KB - Virtual size: 7KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3c:5f:4d:cc:85:e8:c0:d0:27:40:27:a5:9d:8a:70:17:57:6b:12:8a:6b:29:92:e9:7b:6a:9f:a4:c9:fa:7e:f0
Signer

23/03/2023, 16:06
Valid: false

.text
Size: 932KB - Virtual size: 931KB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 21KB - Virtual size: 32KB

.pdata
Size: 52KB - Virtual size: 51KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 423KB - Virtual size: 423KB

.reloc
Size: 8KB - Virtual size: 7KB