tcpviewer.exe

Sysinternals TCPView

Microsoft Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TCPView’. The file has been seen being downloaded from superiorelectricmotors.com and multiple other hosts.
Publisher:
Sysinternals - www.sysinternals.com (signed by Microsoft Corporation)

Product:
Sysinternals TCPView

Description:
TCP/UDP endpoint viewer

Version:
3.05

MD5:
9aa5a93712c584acdcaa7eef9d25ef4d

SHA-1:
9589b7b51791c5bb819cbee9f85d49249602768a

SHA-256:
c00d90c50a5e05d270b796645d5f12dee94a31ca94b8ddc90c91af1f9e208850

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/23/2024 7:16:21 AM UTC

File size:
293.8 KB (300,832 bytes)

Product version:
3.05

Copyright:
Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\~custom files\tcpview\tcpviewer.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
7/19/2010 11:53:10 PM

Valid to:
10/19/2011 11:53:10 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6108775F00000000004A

File PE Metadata
Compilation timestamp:
5/18/2011 12:46:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:51o12lUr7EbaK1fw9mdo7DZJ/wDAUZlYm3UhM9lY:5C1ZobTw9tDZJwDrPYmOf

Entry address:
0x149D8

Entry point:
E8, D6, AC, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C...

Entropy:
6.6265

Code size:
232 KB (237,568 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TCPView

Command:
"C:\Program Files\~custom files\tcpview\tcpviewer.exe"


The file tcpviewer.exe has been discovered within the following programs.

FastCopy by H.Shirouzu
groups.google.com/forum/?hl=ja#!forum/fastcopy-bb-eng
About 3% of users remove it

PC House Keeper 2012 by DanuSoft
Publisher's description - “PC House Keeper 2012 is the most comprehensive PC maintenance software for Windows Vista and Windows 7 computers with 20 different tools (and counting) that are specifically designed to help diagnose and improve your computer’s system and network performance.”
www.danusoft.com
About 6% of users remove it

Powered by Should I Remove It?

The file tcpviewer.exe has been seen being distributed by the following 7 URLs.