ktmutil[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ktmutil.exe
Size

18KB
MD5

c9d776b6a4bc22b5b9a0985ab9cd6101
SHA1

fc72d96df9d0e61a0458280290b27165258d735c
SHA256

81765113b2df32f13ef09fc96645c183f6064b27fcf4f3a3575088f016bbb5a5
SHA512

e5080eceeab1c3a430a93f3b42cc09a295a02f3d3efa538965aea19eae77f870a9191104d92bc373f7e806a2245b507d1d231bff71cde5684dd634ca82d75141
SSDEEP

384:Pqsz66pGvFTnOVsFkxaHtywf+DgY2+WjjW:Pc68F6hx1VUBD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ktmutil.exe

Files

ktmutil.exe
.exe windows x64

b3b2528c3a2c9cc109be296fc38f31bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

kernel32

SetThreadUILanguage
HeapSetInformation
GetVersionExW
GetLastError
CloseHandle
RtlCompareMemory
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
WideCharToMultiByte
GetConsoleOutputCP
WriteFile
FormatMessageW
LocalFree
GetModuleHandleW
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess

msvcrt

_cexit
__setusermatherr
_initterm
_fmode
_commode
?terminate@@YAXXZ
__set_app_type
__wgetmainargs
_wcsicmp
setlocale
__C_specific_handler
malloc
free
wprintf
_amsg_exit
_XcptFilter
_exit
exit

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationEnlistment
NtOpenEnlistment
NtOpenResourceManager
NtQueryInformationTransactionManager
NtOpenTransactionManager
NtQueryInformationTransaction
NtOpenTransaction
RtlStringFromGUID
RtlNtStatusToDosError
NtEnumerateTransactionObject
RtlFreeUnicodeString

ktmw32

OpenTransactionManagerById
OpenResourceManager
OpenEnlistment
CommitEnlistment
RollbackEnlistment
CommitComplete
RecoverEnlistment

api-ms-win-core-com-l1-1-0

IIDFromString

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3b2528c3a2c9cc109be296fc38f31bf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ktmw32

api-ms-win-core-com-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 444B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 444B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 104B