TCP traffic to 67.135.105.137 on port 80 is sent without HTTP header TCP traffic to 205.185.216.10 on port 80 is sent without HTTP header TCP traffic to 173.222.40.209 on port 80 is sent without HTTP header
Was just about to FORMAT entire PC until I saw this thread...
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
TCPSVCS.EXE - Trojan.PasswordStealer
in File Detections
Posted
8B3380241C9C4B6D6460217A678AB178 TCPSVCS.EXE MD5
F02449938E0E2197152ECB1AF8AA158AE50214DC TCPSVCS.EXE SHA1
081DC131643A56706574B620388332AAA4D368EE48A147C15B173FEC27B1E732 TCPSVCS.EXE SHA256
https://www.virustotal.com/en/file/081dc131643a56706574b620388332aaa4d368ee48a147c15b173fec27b1e732/analysis/1538990878/
or (two different crc's)
https://www.virustotal.com/en/file/63a56dcf9e9a717411d3b98519114987875171f9d3d76400f886751c0cd4d182/analysis/1538991149/
but then I found this...
https://www.hybrid-analysis.com/sample/081dc131643a56706574b620388332aaa4d368ee48a147c15b173fec27b1e732/5bbb29f97ca3e16a18749a63
Also it appears to make connection to:
TCP traffic to 67.135.105.137 on port 80 is sent without HTTP header
TCP traffic to 205.185.216.10 on port 80 is sent without HTTP header
TCP traffic to 173.222.40.209 on port 80 is sent without HTTP header
Was just about to FORMAT entire PC until I saw this thread...
Glad its just a false positive! Very scary stuff!
tcpsvcs-info.txt