sftgc.exe

This is a setup program used to install the application. The file has been seen being downloaded from ahp.li.
Description:
Cleanup of temporary files

Version:
2.2.0.0

MD5:
9a37f0ca06f087f289b2a6bdc2aae1c1

SHA-1:
15f4cab30cee52ce25aa19890dc3a96af7e5adcb

SHA-256:
799d48ca960268143084a2f9cd1aaceea3b91e4f999a16af3e1fe50d4f6f34f6

Scanner detections:
6 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/16/2024 8:38:48 AM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.1834283   877
Bitdefender              Trojan.GenericKD.1834283   1.0.20.1270
Emsisoft Anti-Malware    Trojan.GenericKD.1834283   8.14.09.11.09
G Data                   Trojan.GenericKD.1834283   14.9.24
MicroWorld eScan         Trojan.GenericKD.1834283   15.0.0.762
nProtect                 Trojan.GenericKD.1834283   14.09.03.01

File size:
1.3 MB (1,348,096 bytes)

Product version:
3.3.12.0

Copyright:
Pierre13

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sftgc.exe

File PE Metadata
Compilation timestamp:
8/31/2014 3:26:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:otb20pkaCqT5TBWgNQ7aPahTvBVSJR5iRhXAPRbDSL/6A:xVg5tQ7ait5VSL54JgSj5

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Code size:
557.5 KB (570,880 bytes)

The file sftgc.exe has been seen being distributed by the following URL.

When executed, the file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to archive-host.com  (188.165.46.1:80)

Scan sftgc.exe - Powered by Reason Core Security