sftgc.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ahp.li.
Description:
Nettoyage des fichiers temporaires

Version:
2.2.0.0

MD5:
9a37f0ca06f087f289b2a6bdc2aae1c1

SHA-1:
15f4cab30cee52ce25aa19890dc3a96af7e5adcb

SHA-256:
799d48ca960268143084a2f9cd1aaceea3b91e4f999a16af3e1fe50d4f6f34f6

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 8:07:45 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1834283
877

Bitdefender
Trojan.GenericKD.1834283
1.0.20.1270

Emsisoft Anti-Malware
Trojan.GenericKD.1834283
8.14.09.11.09

G Data
Trojan.GenericKD.1834283
14.9.24

MicroWorld eScan
Trojan.GenericKD.1834283
15.0.0.762

nProtect
Trojan.GenericKD.1834283
14.09.03.01

File size:
1.3 MB (1,348,096 bytes)

Product version:
3.3.12.0

Copyright:
Pierre13

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sftgc.exe

File PE Metadata
Compilation timestamp:
8/31/2014 3:26:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:otb20pkaCqT5TBWgNQ7aPahTvBVSJR5iRhXAPRbDSL/6A:xVg5tQ7ait5VSL54JgSj5

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 
[+]

Code size:
557.5 KB (570,880 bytes)

The file sftgc.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to archive-host.com  (188.165.46.1:80)

Scan sftgc.exe - Powered by Reason Core Security