tef_patcher.exe

TEF - Daemon Patcher

Direção Processamento de dados LTDA

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TEF_Patcher’.
Publisher:
Direção Processamento de dados LTDA

Product:
TEF - Daemon Patcher

Description:
Modulo TEF - Daemon Patcher

Version:
2.0.0.11

MD5:
9ce5ae3f64058c419ebbf341ccb8f7bf

SHA-1:
71517df1bde124ee1a8f614c38fa914ec99174a3

SHA-256:
af68e440578584e90175f2ace4ff96a6213810dd629656d2ca85722557d35519

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/17/2024 8:52:43 AM UTC

Scan engine:
Norman

Detection:
Malware

Engine version:
11.20141124

File size:
676.4 KB (692,612 bytes)

Product version:
2.0.0.11

Copyright:
Direção Processamento de dados LTDA

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\ProgramData\direcao\tef_patcher.exe

File PE Metadata
Compilation timestamp:
12/5/2009 7:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:bLDuvMcXnJ6xKY0fnrCi2OVQFyfUubFyeb3YKNF1GJCd1zC6UBFVzHTtOF3VEQMs:bLivMcXJaUnW5eGyfUux7YKNF1GAzC6P

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TEF_Patcher

Command:
C:\Program Files2\direcao\tef_patcher.exe


The file tef_patcher.exe has been seen being distributed by the following URL.
