tftpd64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tftpd64.exe
Size

335KB
MD5

2b5b09a1ef785ae577cdea8f29b50a92
SHA1

efe6d46dea5a6d5a915a7c3c0db9817465fdf090
SHA256

2f5de838cf3079723f1697e5fac2f75fad4b98cd81b165f87cdfa99ded22d801
SHA512

2ab4580d7dd8859bb8f2f91bbb1c89375b8f4d3ad71186ca2b59a64b41058b4d3a5a18b1d4250735d7187e9e178924c5dc466c579dc24a172209a8a006510bb8
SSDEEP

6144:wLFnGaoI/USzZVotx0Tqg97eiKOcjtTE8wZLzTZHITd9DWmx:IAaoeUSzZVLTq/ccgZSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tftpd64.exe

Files

tftpd64.exe
.exe windows:5 windows x64 arch:x64

a6e9738770fed23ea6fefa9d5125ee3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\tftpd32\BIN\Release\tftpd32.amd64.pdb

Imports

shell32

SHBrowseForFolderA
DragFinish
DragAcceptFiles
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
Shell_NotifyIconA

ws2_32

listen
accept
select
ntohs
getsockname
WSACloseEvent
WSAEventSelect
WSACreateEvent
gethostbyname
WSAIoctl
gethostname
inet_ntoa
ntohl
htonl
setsockopt
bind
getservbyname
WSAStartup
WSACleanup
connect
recvfrom
getaddrinfo
WSAGetLastError
sendto
recv
socket
freeaddrinfo
getpeername
closesocket
WSAAsyncSelect
getnameinfo
inet_addr
htons
send
WSASetLastError

comctl32

InitCommonControlsEx

iphlpapi

DeleteIpNetEntry
GetIpNetTable
GetAdaptersAddresses
SendARP
GetIpForwardTable

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
MultiByteToWideChar
SetHandleCount
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
FreeLibrary
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
FatalAppExitA
LCMapStringW
GetConsoleCP
lstrlenA
lstrcatA
lstrcmpiA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpA
GetEnvironmentVariableA
OutputDebugStringA
GetCurrentProcess
Sleep
GetLastError
SetLastError
SetProcessWorkingSetSize
CreateMutexA
ReleaseMutex
CloseHandle
GetFullPathNameA
GetVersion
GetLocalTime
CreateProcessA
CreateFileA
GetFileSize
WaitForSingleObject
WriteFile
GetFileAttributesA
CreateSemaphoreA
ReadFile
ReleaseSemaphore
SetCurrentDirectoryA
GetLocaleInfoW
DeleteFileA
SetEnvironmentVariableA
SetFilePointer
FlushFileBuffers
GetTickCount
GetCurrentThreadId
ResetEvent
GetSystemTime
SetEvent
GetCurrentThread
CreateEventA
SetThreadPriority
WaitForMultipleObjects
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
FindClose
FindNextFileA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
GetTimeZoneInformation
WideCharToMultiByte
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCommandLineA
FindFirstFileExA
GetDriveTypeA
GetStringTypeW
HeapReAlloc
HeapAlloc
ResumeThread
ExitThread
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
HeapFree
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDriveTypeW
SetEndOfFile
GetProcessHeap
HeapSize
CompareStringW
GetCurrentDirectoryA
CreateFileW

user32

SetWindowsHookExA
DialogBoxParamA
CreateWindowExA
RegisterClassA
GetClassInfoA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetFocus
SetWindowLongA
GetWindowLongA
UnhookWindowsHookEx
SystemParametersInfoA
MessageBeep
wvsprintfA
MapDialogRect
InvalidateRect
RedrawWindow
MoveWindow
SetTimer
SendDlgItemMessageA
SetClassLongPtrA
KillTimer
SetForegroundWindow
LoadIconA
ChildWindowFromPoint
GetWindowTextA
MessageBoxA
UnregisterClassA
DefWindowProcA
GetSysColor
SetDlgItemTextA
SetWindowTextA
SetWindowLongPtrA
IsWindow
GetSystemMetrics
EnableWindow
CallWindowProcA
FindWindowA
DestroyIcon
CheckMenuItem
GetWindow
ReleaseDC
DestroyWindow
GetSystemMenu
GetWindowRect
CreateDialogParamA
GetTopWindow
GetClientRect
SetWindowPos
ShowWindow
AppendMenuA
IsWindowVisible
GetDialogBaseUnits
PostMessageA
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextA
GetWindowLongPtrA
TrackPopupMenu
GetSubMenu
GetParent
LoadMenuA
wsprintfA
GetDlgItem
GetCursorPos
DestroyMenu
SendMessageA
EndDialog
GetDC

gdi32

SetTextColor
ExtTextOutA
GetTextMetricsA
LPtoDP
GetTextExtentPoint32A
SetBkColor

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e9738770fed23ea6fefa9d5125ee3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ws2_32

comctl32

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 238KB - Virtual size: 238KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 14KB - Virtual size: 113KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 14KB - Virtual size: 113KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 2KB