home

tftp.exe

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.winagents.ru and multiple other hosts.
MD5:
c81455680c50cc4adb555f3330958725

SHA-1:
aa037e985677a05cdb7fa946045fa38ce6de689a

SHA-256:
3cb14873a67730f65ff7c0715da593445ad5cdfa990532fd15cf9bea65b23fdc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/16/2024 6:59:08 AM UTC  (today)

File size:
176.5 KB (180,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tftp.exe

File PE Metadata
Compilation timestamp:
8/8/2012 4:46:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:323upVaBgQivItGon8pyJI6liFnrOpM1PhqaF6jCOm6bh:G+pVaBgQoIGpyflMnSpQqXjd9

Entry address:
0xDEF1

Entry point:
E8, 42, 62, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, E0, B4, 42, 00, 00, 75, 18, E8, 25, 5A, 00, 00, 6A, 1E, E8, 6F, 58, 00, 00, 68, FF, 00, 00, 00, E8, 2F, 55, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, E0, B4, 42, 00, FF, 15, 64, 20, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, E4, B4, 42, 00, 74, 0D, 53, E8, 71, 43, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 90, 1B, 00, 00, 89, 30, E8, 89, 1B, 00, 00, 89...
 
[+]

Entropy:
6.4869

Code size:
132 KB (135,168 bytes)

Scheduled Task
Task name:
{584199DF-098F-4E55-9CDE-0DCEDB4D0BC0}

Trigger:
Registration (Runs on registration)


The file tftp.exe has been discovered within the following program.

WinAgents TFTP Server  by Tandem Systems, Ltd.
www.winagents.com
About 1% of users remove it
 
Powered by Should I Remove It?

The file tftp.exe has been seen being distributed by the following 5 URLs.

http://www.winagents.ru/.../tftp.exe

http://www.brothersoft.com/d.php?soft_id=174278&url=http://www.winagents.com/.../tftp.exe&name=WinAgents TFTP Client

http://lod.com/.../tftp.exe

http://www.winagents.com/downloads/.../tftp.exe

http://www.winagents.com/.../tftp.exe

Scan tftp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.