tftpd64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tftpd64.exe
Size

333KB
MD5

12e199b568db2fae62a1c94a9e3fe03f
SHA1

b903317faba95acdd70213452ec3e5c6223b760d
SHA256

6432554c66926d9b7fad0e0056d32491a9dd8af95aede6c39f701fb531f99330
SHA512

485ef2f49f22a66b2f948e944dc6cce6921e8116110f28675e08be23cbea890a0c9fa6bce3c1fef9e7f82c371a48207f86a5372498febda9517a05c1ff474675
SSDEEP

6144:iPZKaphtUZ9WD6xYvosA6VkpYblTjrXuFJZ1VGgnIGLm:Wkaphtw9WDCRsWKOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tftpd64.exe

Files

tftpd64.exe
.exe windows x64

91125ea053fc85b0ad1fbc4aa62fe2af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHBrowseForFolderA
DragFinish
DragAcceptFiles
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
Shell_NotifyIconA

ws2_32

listen
accept
select
ntohs
getsockname
WSACloseEvent
WSAEventSelect
WSACreateEvent
gethostbyname
WSAIoctl
gethostname
inet_ntoa
ntohl
htonl
setsockopt
bind
getservbyname
WSAStartup
WSACleanup
connect
recvfrom
getaddrinfo
WSAGetLastError
sendto
recv
socket
freeaddrinfo
getpeername
closesocket
WSAAsyncSelect
getnameinfo
inet_addr
htons
send
WSASetLastError

comctl32

InitCommonControlsEx

iphlpapi

DeleteIpNetEntry
GetIpNetTable
GetAdaptersAddresses
SendARP
GetIpForwardTable

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
MultiByteToWideChar
SetHandleCount
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
FreeLibrary
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
FatalAppExitA
LCMapStringW
GetConsoleCP
lstrlenA
lstrcatA
lstrcmpiA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpA
GetEnvironmentVariableA
GetCurrentProcess
Sleep
GetLastError
SetLastError
SetProcessWorkingSetSize
CreateMutexA
ReleaseMutex
CloseHandle
GetFullPathNameA
GetVersion
GetLocalTime
CreateProcessA
CreateFileA
GetFileSize
WaitForSingleObject
WriteFile
GetFileAttributesA
CreateSemaphoreA
ReadFile
ReleaseSemaphore
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLocaleInfoW
SetEnvironmentVariableA
SetFilePointer
FlushFileBuffers
GetTickCount
GetCurrentThreadId
ResetEvent
GetSystemTime
SetEvent
GetCurrentThread
CreateEventA
SetThreadPriority
WaitForMultipleObjects
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
FindClose
FindNextFileA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
GetTimeZoneInformation
WideCharToMultiByte
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCommandLineA
FindFirstFileExA
GetDriveTypeA
GetStringTypeW
HeapReAlloc
HeapAlloc
ResumeThread
ExitThread
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
HeapFree
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDriveTypeW
SetEndOfFile
GetProcessHeap
HeapSize
CompareStringW
DeleteFileA
CreateFileW

user32

SetWindowsHookExA
DialogBoxParamA
CreateWindowExA
RegisterClassA
GetClassInfoA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetFocus
SetWindowLongA
GetWindowLongA
UnhookWindowsHookEx
SystemParametersInfoA
MessageBeep
wvsprintfA
MapDialogRect
InvalidateRect
RedrawWindow
MoveWindow
SetTimer
SendDlgItemMessageA
SetClassLongPtrA
KillTimer
SetForegroundWindow
LoadIconA
ChildWindowFromPoint
GetWindowTextA
MessageBoxA
UnregisterClassA
DefWindowProcA
GetSysColor
SetDlgItemTextA
SetWindowTextA
SetWindowLongPtrA
IsWindow
GetSystemMetrics
EnableWindow
CallWindowProcA
FindWindowA
DestroyIcon
CheckMenuItem
GetWindow
ReleaseDC
DestroyWindow
GetSystemMenu
GetWindowRect
CreateDialogParamA
GetTopWindow
GetClientRect
SetWindowPos
ShowWindow
AppendMenuA
IsWindowVisible
GetDialogBaseUnits
PostMessageA
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextA
GetWindowLongPtrA
TrackPopupMenu
GetSubMenu
GetParent
LoadMenuA
wsprintfA
GetDlgItem
GetCursorPos
DestroyMenu
SendMessageA
EndDialog
GetDC

gdi32

SetTextColor
ExtTextOutA
GetTextMetricsA
LPtoDP
GetTextExtentPoint32A
SetBkColor

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91125ea053fc85b0ad1fbc4aa62fe2af

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ws2_32

comctl32

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 237KB - Virtual size: 236KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 14KB - Virtual size: 113KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 237KB - Virtual size: 236KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 14KB - Virtual size: 113KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 2KB