Tcpvcon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Tcpvcon.exe
Size

194KB
MD5

0d9540f8ed3ec25cf65b21454bd72123
SHA1

4532822ae9cc083115c32e6aa9c4e08c3d673575
SHA256

c9c3f0c4e7519d3a1f4ca427635f994a06613e94cb049f48c10151fab8888183
SHA512

654c482ce96473e4000be8b7dd2a8240b958a34f8d11053bd99716abe4269d75e0902d768f635c68fd0f9fa0bc8d2fecd965ee465d783ea88f270acbcdd8ef2b
SSDEEP

3072:eqMPhwQ+ro7Gv6+36G9yawQj/Fx8g+bImcBFDI9lw95J:eqM2Q+rayL6G9ykUdKBpolQ3

Score

1^/10

Malware Config

Signatures

Files

Tcpvcon.exe
.exe windows:5 windows x86

c510dea76f6096f5cfe2c672a3e799c1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4
Signer

Actual PE Digest

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

socket
closesocket
gethostbyname
send
gethostname
recv
ntohl
htonl
htons
ntohs
getservbyport
gethostbyaddr
WSAGetLastError
connect
WSAStartup

iphlpapi

GetTcpTable
GetUdpTable
SetTcpEntry

comctl32

CreateToolbarEx
ord17
ImageList_ReplaceIcon
ImageList_Create
ord6

psapi

GetModuleFileNameExA

kernel32

CreateEventA
GetSystemDirectoryA
DeviceIoControl
GetModuleFileNameA
DuplicateHandle
GetVersion
GetCurrentProcessId
DeleteFileA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapFree
GlobalLock
WaitForSingleObject
SetEvent
GetTickCount
GetProcessHeap
GetNumberFormatA
FormatMessageA
GetUserDefaultLangID
InitializeCriticalSection
GlobalAlloc
LeaveCriticalSection
TerminateProcess
GlobalUnlock
EnterCriticalSection
GlobalReAlloc
ExpandEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
ReadProcessMemory
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
Sleep
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
RtlUnwind
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ResumeThread
ExitThread
HeapAlloc
SetEndOfFile
ReadFile
OpenProcess
LocalFree
LocalAlloc
LoadLibraryA
GetCommandLineW
CloseHandle
GetModuleHandleA
LockResource
GetProcAddress
SetLastError
GetLastError
SizeofResource
GetCurrentProcess
LoadResource
FindResourceA
CreateFileA
HeapSize
lstrlenA
GetConsoleOutputCP

user32

ScreenToClient
SetTimer
CloseClipboard
DestroyWindow
GetWindowRect
PostQuitMessage
TrackPopupMenu
IsIconic
FillRect
SetCapture
KillTimer
IsZoomed
DrawTextA
GetSubMenu
DrawIconEx
LoadStringA
GetFocus
LoadMenuA
LoadIconA
InvalidateRgn
GetClientRect
CreateMenu
SetFocus
GetDC
ChildWindowFromPoint
GetMenu
SetWindowLongA
InvalidateRect
GetWindowLongA
ClientToScreen
ReleaseDC
EnableMenuItem
EmptyClipboard
DefWindowProcA
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
DrawMenuBar
PostMessageA
OpenClipboard
ReleaseCapture
GetSystemMetrics
InsertMenuA
SetClipboardData
CallWindowProcA
SetMenuItemInfoA
DialogBoxParamA
DestroyIcon
SetDlgItemTextA
CheckMenuItem
MoveWindow
MessageBoxA
SetCursor
SendMessageA
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SetWindowTextA
DialogBoxIndirectParamA
LoadCursorA
CreateWindowExA
GetParent

gdi32

StartDocA
SetMapMode
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetBkColor
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
EndPage
StartPage
EndDoc

comdlg32

ChooseFontA
PrintDlgA
GetSaveFileNameA

advapi32

GetTokenInformation
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
EqualSid
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegOpenKeyExA

shell32

ShellExecuteExA
SHGetFileInfoA
ShellExecuteA

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c510dea76f6096f5cfe2c672a3e799c1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

iphlpapi

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 15KB - Virtual size: 26KB

.rsrc Size: 22KB - Virtual size: 22KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4
Signer

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 15KB - Virtual size: 26KB

.rsrc
Size: 22KB - Virtual size: 22KB