Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Tofsee.EA

Trojan.Tofsee.EA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,216
Threat Level: 80 % (High)
Infected Computers: 2,573
First Seen: October 29, 2021
Last Seen: April 23, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Tofsee.EA
Signature status: No Signature

Known Samples

MD5: f6fc494b65c8e09504ebde71d0f5b292
SHA1: e48785d8b09b0e2335a5c855ebe29f9ea5ad4d1b
SHA256: A26A3F90CE98CD0068927B2F1EDEFC24D0ABF742FD92D6A96B36007E91609C35
File Size: 41.47 KB, 41472 bytes
MD5: 02c64fca85b9392fdfa197f0b20e5590
SHA1: 0cb4e80500bdc606c6afc511f4102ae79d5f5d75
SHA256: 82D2DBABF87CD0D88D65A5E318360C974E6BF1623381C7A40FBFF59AE74A84F5
File Size: 950.27 KB, 950272 bytes
MD5: 00d90725ac44b57d749c9ceaa149c53d
SHA1: d179f8fd03a7415c87f6f1ad7b5f9923a640ba91
SHA256: 4EC7C844807F373F121D750DE4F14B4A195117B3FEAC0E97115D0A96D7950543
File Size: 683.01 KB, 683008 bytes
MD5: 0e50fdff84c13fbaee261db7085772c8
SHA1: 8868b0f1f446cd164624749b4498213c4faaaf61
SHA256: A0C142C8D2D19756FBD547E4F8C7CA42111AD0E378708081C8A57759067DE077
File Size: 187.36 KB, 187360 bytes
MD5: f8150d8dd897ca29611d3c5d437ff6cf
SHA1: 24b59fd062a66f6ba948452f509a4afa60ac5149
SHA256: 4948D8A1C077EED875C28E3B3F697A60F030EA9D79CC2EA7BC1E4188D0E4F0F5
File Size: 318.56 KB, 318560 bytes
Show More
MD5: dff817e1f0ce8373eb8417e1a4c2ce3e
SHA1: d7c3c863d61d60b4b790de2725a9b1c1b0935344
SHA256: EFBFE6249E515D036A6AB488AAD15347E7A50DEA7C02E3D629C481EBC238152F
File Size: 254.40 KB, 254400 bytes
MD5: c56a3bec987d8d14d16590a4ff08cb87
SHA1: 8ca8abc843f9b436f28ab712f68adbc31c557371
SHA256: 58F4B90BD52E4DD043DE16FFB9EC8D65B34F3BD114E9E42D1EE4425258BE0DFE
File Size: 119.62 KB, 119624 bytes
MD5: df8ea6f79caedb4f3de55a078d3903bb
SHA1: 2dc942a4faf79f7154d180595a162269a1690436
SHA256: D1BB29CFEA400D850048BC74031AF33E42B7733BE359DF674B7D3F533439B024
File Size: 503.42 KB, 503416 bytes
MD5: 587a1bde059b8800fb26da5682553d9a
SHA1: 1e184e0f49b248d2c75a6dbdeb99faa41abe22ec
SHA256: 77915DAE6C7ADF2BE242294D701D8C2F5A19EFBE5216612424774DFBDCA8F1C5
File Size: 94.72 KB, 94720 bytes
MD5: 17af7a22b7a3e3f05cd7b0833251a0a6
SHA1: d649c11a3f462b3bb94c1ecc4ddc3fa5e6db64b6
SHA256: F7DB3391BB3880D66397FF07918D8D1C6D90984F1E7DB20429741CFFE3CF491B
File Size: 1.92 MB, 1922200 bytes
MD5: 03d3152bb9c97af158af17ee1fc6e7d9
SHA1: 09575005b2f35585ee4780a9fe0b45bbdbf7f787
SHA256: 6FB1EBA77C16544F513446BAFD4204BC08368DB9FDFDE60B52DD30B87B5F51BD
File Size: 240.16 KB, 240160 bytes
MD5: b0afeb6b4fb98aaaf3e5579b63473a07
SHA1: aa179286b292d5b8035dfd80d5d9658e07274851
SHA256: 696C856E9A089AB4E24DFBFA47031A7A5EADBEEDC29B412400AC846AD3869B56
File Size: 1.13 MB, 1126904 bytes
MD5: a11361a3d01a3113202f57e7c4ba3660
SHA1: 1f4fc999063165d2699ec723990959afcc66a07d
SHA256: FE34DBF179A37CCAAF16B33594B910987814BE903EA89F0EEE19FB6C3F36C4C8
File Size: 879.87 KB, 879872 bytes
MD5: 3dc94188b9f4c60fd4748680227bc855
SHA1: e3434a89425a2b4d32c12448e6a6812f0e31acd9
SHA256: 678461A4279A55480ED15D12000EBB3D4B9D6769DE8BF9D395F0DFFCFABF33C6
File Size: 1.57 MB, 1572432 bytes
MD5: 6ca5e3efe4493d96dfb08c04bed1f96b
SHA1: 5387286c9bbf5a08d6b8486fa953b6968d390510
SHA256: 9083EA073CE38B15ECC2D709CA23792C1D927EC939C5E148B1505B61B0BC088C
File Size: 993.64 KB, 993640 bytes
MD5: 312f7b60c5bc26304088ddee4c8ac4b9
SHA1: 2308ec13f3234b79abb46f9ce26a22b6b7622587
SHA256: 681F9C34FB624BBFA960AD1A75B64CE3327DB1ADCC4B0E6FABF0118967648EAC
File Size: 88.46 KB, 88464 bytes
MD5: d01f3b75945fd13833928b5de204b235
SHA1: 3224133d58c4a7eb50b3ae04a7d2970b782250b8
SHA256: 0F6D2043B973A1ECD07BE99C09F136D081D0048021A3E7DCD6514F65E26020BE
File Size: 575.49 KB, 575488 bytes
MD5: d621160c140277fd5eeec2e3e45d24d9
SHA1: 6ff2f9628744a89aa84140c08614243afb7f75e4
SHA256: 2B8F69F920BCFD8B943AF60DFB28D7008A6D42A66B8097CED533C7F067BCEF7F
File Size: 683.50 KB, 683504 bytes
MD5: 3457a2c7adae4233fdef96bc22c063fb
SHA1: e384f938b3e6edf668719eec84f3b37761e8c78e
SHA256: 060A03CC6682FA9708FA28C93BB53FDCEF1A4F018432311592B10C46496C0D7C
File Size: 254.36 KB, 254360 bytes
MD5: a234bef587659e7df722d55197e48e96
SHA1: 905b3bfdac2424ba7511c1dbd16f01cb24e803d9
SHA256: 4FF9CB9950A6816D39E140E95DA05A33369071DF554B26D48778CE9BE7707F7A
File Size: 1.02 MB, 1019752 bytes
MD5: ca2d39e1a2c7b2d942187973744e9a9e
SHA1: 582db1797cf01d92d13782123b8f6f372059e3d5
SHA256: 589A286A7CCD8253DA4E0F565A3153D308F67422E24C4E4079774FE548CDD281
File Size: 1.65 MB, 1654272 bytes
MD5: 31e56ceb208c42c7d26daddfdb3eeb27
SHA1: 36bbc3628721b45b70d4f357256cb455a71dd958
SHA256: 6A9907ACE72E2E9FC7A4A8AC9F2FF0632B2C968E959E7E12A43DF058624D8EA3
File Size: 170.36 KB, 170360 bytes
MD5: a4ad22025f22a52b60c99a729c079a4c
SHA1: 77a5696aa5a0e2ad25c886ee6f5a8f6b6c584e18
SHA256: 8D4DCD5F2A224CE6534B176E75F5A300E083B71C0FD64A196C9FF0E714BB93ED
File Size: 597.51 KB, 597512 bytes
MD5: 6ee0badc0b3a7f48c3fa356369025171
SHA1: c20a1e6a73040bf89a2150946393e088d8fbda18
SHA256: F40FB86FCF5B9B92E50B4AC2BBED48E97A9D83A61200AF0A52F39C93E41EF370
File Size: 132.89 KB, 132888 bytes
MD5: ebc9264ff01291b42a88e49eef144ca0
SHA1: 3b2c32567a008ab4b41fa80af5f06001780ff8f0
SHA256: D1E66100EA91DB6E7D173D8E76D4C7BE12912062739725D32BE24FB146E37868
File Size: 1.63 MB, 1634896 bytes
MD5: 6c5d8f9e3c61a83f4cd517e91720d2a4
SHA1: e20b349daa9a28b3b3337c8d2c813f3b44d9df20
SHA256: AF980C79E9717D72F1155ADB358C4FF3D2DAB3A9D53613356DB12DC5F83FDAA3
File Size: 102.42 KB, 102416 bytes
MD5: 623a5be95eaf078209d3bc6b4954a313
SHA1: daf81cf29cd3fae18b1b811e01fd6d8ca6d7a5e1
SHA256: E98FF567F1847D8ABA5066264B662B678E2693099A198236E7144365F7CF81B5
File Size: 520.66 KB, 520664 bytes
MD5: 0f15fdd3286a904f5e66fb67faac3a23
SHA1: b36a753a53a29d887b5f07ff4880a4a60df93e73
SHA256: AF65A82AE61DE652C23492F84E5D8F120C97CFDA65F5D7CE4D96A056A66BC372
File Size: 317.50 KB, 317504 bytes
MD5: d4812db5a9b17f7595df9d1b5d046689
SHA1: 72c555f5be9cc3f799c17f08763e31e986981933
SHA256: 7489BBC5D938228EE8EAAE6E419504B988009C54EE0093F48E6FFA302BEC1236
File Size: 912.89 KB, 912888 bytes
MD5: f5611ab9279d6de19c4ed36d4496713c
SHA1: 9349938d39ac3d4707cd1d2106a350c26316ee08
SHA256: 12541A772CA6850D4A87D3FADD28D66A7C88B1FE366963A44ABA04B17FFE38D9
File Size: 3.71 MB, 3709269 bytes
MD5: 8db7070904aebf1bde0c191bcdd177f4
SHA1: ce426477c576226817e171bf31a901857d934fc4
SHA256: E7CF58047333144507780E539A0D98F3B0B4CA8682B63B1E9B608CFE6A0D35E8
File Size: 95.94 KB, 95936 bytes
MD5: 275db5481a18a0a84684055148ee3abe
SHA1: 4c108ef75bec3a929dd8da0f4e5551cf77edf939
SHA256: 57A175F2AF54EF4B4461D87948A82249F0B38C6D5A471553BB0CC8AB6B65AFEF
File Size: 41.47 KB, 41472 bytes
MD5: 6921e3637594e205d81d81c8b3763c6d
SHA1: 9c461ba64106995afd53efbe67ab9723f94269b6
SHA256: 8634746D825804A67B4997D24DB5ED33805CA94718589FB76AC75046E6AE8A3E
File Size: 1.71 MB, 1707520 bytes
MD5: afc504723bee7ee94b704ac5a031bef7
SHA1: a71e6e36495f166b5808408a0be112158368b6dc
SHA256: F7BB0EE3B60D1B8B53E29119FA7D3A82F9FE966ACF2D0C6E041C5DDBC90BD4F7
File Size: 291.33 KB, 291328 bytes
MD5: 140e2144f9329af017109bc0631ac394
SHA1: 0b8561111e791f9722d5864fe7d8f80563c7ce16
SHA256: B951E983D8354AE09BA753A30186D496DC7AACEA6AD1B77DC0D4BCF7FDE35A90
File Size: 263.08 KB, 263080 bytes
MD5: 5312a2c946451b0056f0e5811a374b65
SHA1: ae5447893df68c352005cfee1d0d95ab078cfc26
SHA256: B7D2C9D340EA595342618691FF5CEF86E90D4B05185F13AC4AA425EA34D4F198
File Size: 401.41 KB, 401408 bytes
MD5: 928159c6626fc8c0e0f99c836860913c
SHA1: 1b3a81a18d396b4304368f0111a2498f6c2f7b4d
SHA256: 961BCDC9E28381E824CB85FFD078B0EBEB1D1145957217B96442346CACEAB31A
File Size: 159.31 KB, 159312 bytes
MD5: d85d4719054dc32ce2b7ebf1a0f6fd99
SHA1: e51b24dba2d44582f9b51d8d4cfd781a971a345a
SHA256: CF8EBB4EA7464E67DDB5C248F50B7B8E1DEE5ED64106527F1CB44B37D5E1BA45
File Size: 656.60 KB, 656597 bytes
MD5: bce35018eb09e90dd2b96b1b8c779c88
SHA1: b49af0eab8ff7218eb467008bc0ff8bd5851d1ab
SHA256: 9E9431E4ECBDDBD1400424565077A5D140A3B93A6616307074D34CB29AD94D24
File Size: 112.13 KB, 112128 bytes
MD5: e5072e31273b97a776aa5064bb78e8ec
SHA1: c7a9d24b6e6fd5e2494bc3d05aa04e12bbd119ae
SHA256: C5CA488554D3E4AD7ADAE47E9B58A24F40F8F89C262463D7A3CF37B805163310
File Size: 1.24 MB, 1243640 bytes
MD5: d91e04628baa28c2e4c2b05381c8022a
SHA1: 625ce9a24be5f765b39cac89c9766e9dee50aa19
SHA256: C5F5C49AA881434E651C5EC4A0423380D76534EB79F9C57C93DE2C2872C7348E
File Size: 152.06 KB, 152064 bytes
MD5: ec287a6fcd7f436b738aa6f93e66d0b3
SHA1: 997eeed1fe23db17adecffffb8d50de62d7a0d8d
SHA256: B98604EA40552BF1C20BE982938870760861E0762CA158EF76244A11A3F09844
File Size: 101.18 KB, 101176 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Version 1.00
Internal Name TJprojMain
Original Filename TJprojMain.exe
Product Name Project1
Product Version 1.00

File Traits

  • 2+ executable sections
  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x 0 x x x x x x x x x 0 x x 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\__sand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\sandbo~1\sandbo~2.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\shsand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\24b59fd062a66f6ba948452f509a4afa60ac5149_0000318560 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\2dc942a4faf79f7154d180595a162269a1690436_0000503416 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\5387286c9bbf5a08d6b8486fa953b6968d390510_0000993640 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\997eeed1fe23db17adecffffb8d50de62d7a0d8d_0000101176 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\a71e6e36495f166b5808408a0be112158368b6dc_0000291328 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\ae5447893df68c352005cfee1d0d95ab078cfc26_0000401408 Generic Write,Read Attributes
c:\windows\svchost.com Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

open C:\Users\Rdlryvch\AppData\Local\Temp\3582-490\24b59fd062a66f6ba948452f509a4afa60ac5149_0000318560
open C:\Users\Yrlgrwrn\AppData\Local\Temp\3582-490\2dc942a4faf79f7154d180595a162269a1690436_0000503416
open C:\Users\Ttavdhjm\AppData\Local\Temp\3582-490\5387286c9bbf5a08d6b8486fa953b6968d390510_0000993640
open C:\Users\Wwjriplx\AppData\Local\Temp\3582-490\a71e6e36495f166b5808408a0be112158368b6dc_0000291328
open C:\Users\Wrnqcxxu\AppData\Local\Temp\3582-490\ae5447893df68c352005cfee1d0d95ab078cfc26_0000401408
Show More
open C:\Users\Tkoawzae\AppData\Local\Temp\3582-490\997eeed1fe23db17adecffffb8d50de62d7a0d8d_0000101176

Trending

Most Viewed

Loading...