Static task: static1
Behavioral task: behavioral1
Sample: mtk.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: mtk.exe
Resource: win10v2004-20231023-en
General
Target: mtk.exe
Size: 3.8MB
MD5: 0f9599d3ddf1e0c8f818d384ee8d0d19
SHA1: 2ca17aef38df0c00efa49b4b448c5f8343725c2f
SHA256: a98aec4a39f5f5ee41280cb17d9b4b5e9bc1eea2fb2ff0d7a962e2b74464d67c
SHA512: 7c41c8bf3cadf94f14c25b1e85f3d56a4d39918b1b3718d3f8a284164dc02eb2643ebc28069c1bb7e84adaac41211c52f5e47fa10b86e797c64a6d4cfa0efbf7
SSDEEP: 49152:F0BKpXaVwQ5isgxUX+E5ZQcK2mqyxlb+oYLTL2QZnDNR0t62zm33Nar:Z7UwuyJYXL2QZDCzK3Nar
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource mtk.exe
Files
mtk.exe.exe windows:6 windows x64
9f6e7992b0ff9dc2b6802a6ad06edd76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
NtCreateFile
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx
kernel32
GetCurrentProcessId
SetHandleInformation
TryAcquireSRWLockExclusive
GetCurrentProcess
DuplicateHandle
GetSystemInfo
AcquireSRWLockExclusive
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReleaseSRWLockExclusive
GetConsoleWindow
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetConsoleMode
TerminateProcess
SuspendThread
ReleaseSRWLockShared
AcquireSRWLockShared
DebugBreakProcess
OpenProcess
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
QueryPerformanceCounter
GetCurrentThread
ReleaseMutex
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
Process32NextW
Process32FirstW
FlushFileBuffers
SetFilePointerEx
CreateToolhelp32Snapshot
GetStdHandle
WriteFileEx
SleepEx
WaitForSingleObject
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
UnhandledExceptionFilter
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetLastError
user32
GetWindowLongPtrW
RemoveMenu
FindWindowA
ShowWindow
SetForegroundWindow
GetForegroundWindow
GetSystemMenu
SetWindowLongPtrW
advapi32
SystemFunction036
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ws2_32
bind
WSASocketW
WSACleanup
send
WSAGetLastError
WSASend
connect
WSAIoctl
closesocket
WSAStartup
getsockname
getpeername
getsockopt
shutdown
recv
freeaddrinfo
getaddrinfo
setsockopt
ioctlsocket
secur32
DeleteSecurityContext
ApplyControlToken
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
EncryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
crypt32
CertOpenStore
CertCloseStore
CertDuplicateStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain
CertDuplicateCertificateChain
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
__current_exception
__CxxFrameHandler3
memcmp
memcpy
memmove
__C_specific_handler
__current_exception_context
memset
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_configure_narrow_argv
_crt_atexit
terminate
_set_app_type
_initialize_onexit_table
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm
_initterm_e
exit
_cexit
_exit
__p___argv
__p___argc
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ