tftpd32[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tftpd32.exe
Size

182KB
MD5

0b9d7bf4f7d4512cd29c66023105b5e8
SHA1

04f40421f1bf0941c983e2adbcd1ab37d02cbedd
SHA256

754402b8eb299cc2227a8b26b43aaf0948bf2074b8a50d40d30d869a02a4f01b
SHA512

a96f1fbf591f139a365c73f368a188e4a30099732c63cc8a7512985d004214ce555dfbfd667f62c59bb4555921c3c32e67dfb2062e45bb2083774e83d27e54e0
SSDEEP

3072:+g2Rrd1iiYlwwF+JBotQjJFKY9kttkVQYG25S31:gRrdAiYlwWyot2JFKY9k3jF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tftpd32.exe

Files

tftpd32.exe
.exe windows:5 windows x86 arch:x86

620eef86a70e9bca1b1414800726645d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadMenuA
GetParent
GetSubMenu
TrackPopupMenu
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
PostMessageA
GetDialogBaseUnits
SetWindowTextA
SystemParametersInfoA
UnhookWindowsHookEx
SetWindowsHookExA
DialogBoxParamA
CreateWindowExA
RegisterClassA
GetClassInfoA
CloseClipboard
GetWindowLongA
EmptyClipboard
OpenClipboard
GetFocus
GetDlgItem
IsWindowVisible
AppendMenuA
ShowWindow
SetWindowPos
GetClientRect
GetTopWindow
CreateDialogParamA
GetWindowRect
GetSystemMenu
DestroyWindow
ReleaseDC
GetDC
GetWindow
CheckMenuItem
DestroyIcon
LoadCursorA
GetCursorPos
DestroyMenu
SendMessageA
wsprintfA
EndDialog
SetClipboardData
MessageBeep
SetDlgItemTextA
wvsprintfA
CallWindowProcA
GetWindowTextA
MapDialogRect
InvalidateRect
MoveWindow
SetCursor
SetTimer
SendDlgItemMessageA
KillTimer
SetForegroundWindow
LoadIconA
SetWindowLongA
MessageBoxA
UnregisterClassA
SetClassLongA
DefWindowProcA
IsWindow
GetSystemMetrics
EnableWindow
FindWindowA

shell32

SHBrowseForFolderA
ShellExecuteA
DragQueryFileA
DragAcceptFiles
DragFinish
Shell_NotifyIconA
SHGetPathFromIDListA

gdi32

LPtoDP
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA

ws2_32

closesocket
getservbyname
socket
sendto
setsockopt
htons
htonl
inet_addr
ntohl
recvfrom
inet_ntoa
listen
WSASetLastError
gethostname
send
gethostbyname
WSAAsyncSelect
ntohs
WSACleanup
WSAStartup
bind
recv
WSAGetLastError
connect
WSACreateEvent
WSAEventSelect
WSACloseEvent
getsockname
select
accept

comctl32

InitCommonControlsEx

iphlpapi

SendARP

kernel32

GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
LoadLibraryW
GetTimeZoneInformation
WideCharToMultiByte
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
ExitProcess
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
GetCommandLineA
GetDriveTypeA
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
HeapReAlloc
HeapAlloc
HeapFree
ResumeThread
ExitThread
HeapSize
SetEndOfFile
GetSystemTimeAsFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
FindNextFileA
FindClose
WritePrivateProfileStringA
GetPrivateProfileStringA
OutputDebugStringA
FormatMessageA
LocalFree
SetLastError
SetThreadPriority
GetProcessHeap
CompareStringA
TlsAlloc
CreateMutexA
CreateFileA
SetFilePointer
lstrlenA
WriteFile
Sleep
FlushFileBuffers
GetLocalTime
CloseHandle
GetFileSize
lstrcmpA
GetTickCount
GetLastError
GetCurrentThreadId
lstrcpyA
lstrcpynA
lstrcatA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcess
SetProcessWorkingSetSize
CompareStringW
ReleaseMutex
GetFullPathNameA
CreateProcessA
WaitForSingleObject
lstrcmpiA
ResetEvent
GetModuleFileNameA
GetCurrentDirectoryA
GetSystemTime
SetEvent
CreateEventA
WaitForMultipleObjects
GetFileAttributesA
CreateSemaphoreA
ReadFile
ReleaseSemaphore
SetCurrentDirectoryA
DeleteFileA
CreateThread

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

620eef86a70e9bca1b1414800726645d

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

gdi32

comdlg32

advapi32

ws2_32

comctl32

iphlpapi

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 10KB - Virtual size: 99KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 10KB - Virtual size: 99KB

.rsrc
Size: 13KB - Virtual size: 13KB