cttune[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cttune.exe
Size

318KB
MD5

7573e129035aa191b752fab5bed546af
SHA1

aa00d7055e80d942b6b801021830a4ec105dd1dd
SHA256

232783f87c7da0f6fa9bae2fdbdc94095130baaf2125aff974baefd8ee16c69b
SHA512

8babe22d0dfd05aded11f9abf5ef53123ee19a19636bb2bf655a70cbcda2cedd4279d6aaa7f12d9cd7420272f214336ebc5d5b57427fc221f604bf1d04106cac
SSDEEP

3072:zm4yGRFz+l/tZGacUk8bfkTWVnwqZkvJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgCAo:zNF6dt6U/kiJwqZkvoxEvTEPp/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cttune.exe

Files

cttune.exe
.exe windows x64

35651cdc802429deb29a7c2312b9569f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW

kernel32

HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetCurrentProcess
GetLastError
CreateMutexW
VerifyVersionInfoW
MulDiv
VerSetConditionMask
GetTickCount64

gdi32

SetBkColor
Polyline
CreatePen
GetTextMetricsW
SetBkMode
StretchBlt
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
CreateSolidBrush
PatBlt
CreateCompatibleBitmap
SetStretchBltMode

user32

GetSysColorBrush
EndPaint
SendMessageW
TrackMouseEvent
DefWindowProcW
LoadCursorW
RegisterClassExW
FindWindowW
SetForegroundWindow
EndDialog
SetTimer
KillTimer
DialogBoxParamW
ShowWindow
EnableWindow
CheckDlgButton
BeginPaint
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetSysColor
CopyImage
LoadImageW
DestroyWindow
CreateWindowExW
LoadBitmapW
DrawTextW
GetFocus
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
GetWindowLongPtrW
FrameRect
DrawFocusRect
GetWindowLongW
InvalidateRect
SetWindowTextW
IsDlgButtonChecked
SetFocus
SetWindowLongW
GetParent
PostMessageW
SetWindowLongPtrW
SetDlgItemTextW
GetDlgItem
GetClientRect
MapDialogRect
SendDlgItemMessageW
SystemParametersInfoW
SendMessageTimeoutW
SetWindowPos
PtInRect
GetWindowRect
GetSystemMetrics
GetProcessDefaultLayout
ReleaseDC
LoadStringW
GetDC
MessageBoxW

msvcrt

__C_specific_handler
_unlock
__set_app_type
_initterm
__setusermatherr
_acmdln
_ismbblead
_cexit
exit
__getmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_fmode
_commode
_lock
memcmp
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
wcschr
realloc
free
_purecall
_vsnwprintf
_wtoi
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_exit
memset

oleaut32

VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString

api-ms-win-core-com-l1-1-0

CoUninitialize
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

comctl32

ord381
PropertySheetW
InitCommonControlsEx

dwrite

DWriteCreateFactory

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream

ole32

CoGetObject

oleacc

CreateStdAccessibleObject
LresultFromObject

setupapi

SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

uxtheme

GetThemeColor
GetThemeFont
OpenThemeData
IsThemeActive
GetThemeSysColor
GetThemeSysFont
CloseThemeData
DrawThemeParentBackground

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35651cdc802429deb29a7c2312b9569f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

comctl32

dwrite

ntdll

ole32

oleacc

setupapi

uxtheme

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 236KB - Virtual size: 236KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 236KB - Virtual size: 236KB

.reloc
Size: 512B - Virtual size: 248B