tFtickR[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tFtickR.exe
Size

1.1MB
MD5

c6edd06082bec49dfe19048eb13565dd
SHA1

fd2006cc32b773ab8a66202c5b72ce0652184bd2
SHA256

b54a03a4f197d82afb0ba5a5ab4da57f9a3e3aa5cf08d629b5e8128b86fba277
SHA512

d3f1e8ab50b4b59cf12cde7b97ec66977eaee9a273beffc8c644612409e112f9b0efac653d6369b4031cad21c7a75b804446fe451b3e5c79264ab8b5ffbe9228
SSDEEP

24576:6k//FTmpNbSjEDkHjfpxnVOYkFuZbjMV4+Pw3Ev:6knVgV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tFtickR.exe

Files

tFtickR.exe
.exe windows:4 windows x86

b1882fe497198079bd863c3dd4e7f4ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CreateFileA
GetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
CompareFileTime
FileTimeToSystemTime
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
ReadFile
WriteFile
CreateProcessA
TerminateProcess
GetExitCodeProcess
SetErrorMode
FileTimeToLocalFileTime
GetTimeZoneInformation
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RemoveDirectoryA
MultiByteToWideChar
lstrcpyA
GetCurrentDirectoryA
GetCurrentProcessId
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLocalTime
MoveFileA
ClearCommError
GetLastError
SetCommTimeouts
GetCommTimeouts
SetCommState
SetupComm
ClearCommBreak
BuildCommDCBA
GetCommState
CreateEventA
PurgeComm
CloseHandle
TransmitCommChar
WriteFileEx
GetCommModemStatus
EscapeCommFunction
lstrlenA
CompareStringW
CompareStringA
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetOEMCP
GetACP
GetCPInfo
WaitForSingleObject
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetModuleHandleA
GetProcAddress
UnhandledExceptionFilter
WideCharToMultiByte
GetStartupInfoA
SetHandleCount
FlushFileBuffers
FatalAppExitA
HeapSize
HeapReAlloc
SetFileAttributesA
GetTickCount
SetConsoleCtrlHandler
Sleep
CreateDirectoryA
FindFirstFileA
CopyFileA
FindNextFileA
GetCommProperties
FindClose
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
RtlUnwind
ExitProcess
GetFileAttributesA
DeleteFileA
GetFileType
GetSystemTime
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
SetFilePointer
SetEndOfFile
SetEnvironmentVariableA
SetCurrentDirectoryA
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetFullPathNameA
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe

user32

GetWindowThreadProcessId
MessageBoxA
GetWindowRect
GetWindowTextLengthA
GetWindow
GetDesktopWindow
FindWindowExA
ExitWindowsEx
DispatchMessageA
TranslateMessage
PeekMessageA
IsDialogMessageA
TranslateAcceleratorA
SendMessageA
FindWindowA
GetParent

wsock32

closesocket
setsockopt
getsockopt
inet_ntoa
htons
bind
gethostbyname
WSAGetLastError
htonl
ioctlsocket
ntohl
recv
send
socket
listen
inet_addr
accept
connect
sendto
gethostname
WSACleanup
WSAStartup
ntohs
recvfrom

advapi32

RegSetValueExA
RegFlushKey
RegCloseKey
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 940KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1882fe497198079bd863c3dd4e7f4ff

Headers

File Characteristics

Imports

kernel32

user32

wsock32

advapi32

ole32

Sections

.text Size: 940KB - Virtual size: 936KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 88KB - Virtual size: 96KB

.text
Size: 940KB - Virtual size: 936KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 88KB - Virtual size: 96KB