General

Malware Config

Signatures

Files

• mtk.exe

  .exe windows:6 windows x64

  9f6e7992b0ff9dc2b6802a6ad06edd76

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  ntdll

  NtCreateFile

  RtlCaptureContext

  RtlNtStatusToDosError

  RtlLookupFunctionEntry

  NtReadFile

  RtlVirtualUnwind

  NtWriteFile

  NtDeviceIoControlFile

  NtCancelIoFileEx

  kernel32

  GetCurrentProcessId

  SetHandleInformation

  TryAcquireSRWLockExclusive

  GetCurrentProcess

  DuplicateHandle

  GetSystemInfo

  AcquireSRWLockExclusive

  CreateIoCompletionPort

  GetQueuedCompletionStatusEx

  PostQueuedCompletionStatus

  ReleaseSRWLockExclusive

  GetConsoleWindow

  SetFileCompletionNotificationModes

  Sleep

  GetModuleHandleA

  GetProcAddress

  GetFileInformationByHandle

  GetConsoleMode

  TerminateProcess

  SuspendThread

  ReleaseSRWLockShared

  AcquireSRWLockShared

  DebugBreakProcess

  OpenProcess

  FreeEnvironmentStringsW

  DeleteProcThreadAttributeList

  CompareStringOrdinal

  AddVectoredExceptionHandler

  SetThreadStackGuarantee

  SwitchToThread

  QueryPerformanceCounter

  GetCurrentThread

  ReleaseMutex

  SetLastError

  GetCurrentDirectoryW

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  Process32NextW

  Process32FirstW

  FlushFileBuffers

  SetFilePointerEx

  CreateToolhelp32Snapshot

  GetStdHandle

  WriteFileEx

  SleepEx

  WaitForSingleObject

  QueryPerformanceFrequency

  HeapAlloc

  GetProcessHeap

  HeapFree

  CloseHandle

  HeapReAlloc

  WaitForSingleObjectEx

  LoadLibraryA

  CreateMutexA

  FindNextFileW

  FindClose

  CreateFileW

  GetFileInformationByHandleEx

  CreateDirectoryW

  FindFirstFileW

  GetFinalPathNameByHandleW

  UnhandledExceptionFilter

  GetModuleHandleW

  FormatMessageW

  GetModuleFileNameW

  GetFullPathNameW

  CreateNamedPipeW

  ReadFileEx

  GetSystemDirectoryW

  GetWindowsDirectoryW

  CreateProcessW

  GetFileAttributesW

  InitializeProcThreadAttributeList

  UpdateProcThreadAttribute

  MultiByteToWideChar

  WriteConsoleW

  WideCharToMultiByte

  ReadConsoleW

  CreateThread

  GetSystemTimeAsFileTime

  GetTempPathW

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  GetCurrentThreadId

  InitializeSListHead

  IsDebuggerPresent

  GetLastError

  user32

  GetWindowLongPtrW

  RemoveMenu

  FindWindowA

  ShowWindow

  SetForegroundWindow

  GetForegroundWindow

  GetSystemMenu

  SetWindowLongPtrW

  advapi32

  SystemFunction036

  GetUserNameW

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  ws2_32

  bind

  WSASocketW

  WSACleanup

  send

  WSAGetLastError

  WSASend

  connect

  WSAIoctl

  closesocket

  WSAStartup

  getsockname

  getpeername

  getsockopt

  shutdown

  recv

  freeaddrinfo

  getaddrinfo

  setsockopt

  ioctlsocket

  secur32

  DeleteSecurityContext

  ApplyControlToken

  FreeContextBuffer

  AcceptSecurityContext

  InitializeSecurityContextW

  DecryptMessage

  EncryptMessage

  AcquireCredentialsHandleA

  FreeCredentialsHandle

  QueryContextAttributesW

  crypt32

  CertOpenStore

  CertCloseStore

  CertDuplicateStore

  CertAddCertificateContextToStore

  CertDuplicateCertificateContext

  CertFreeCertificateContext

  CertVerifyCertificateChainPolicy

  CertGetCertificateChain

  CertEnumCertificatesInStore

  CertFreeCertificateChain

  CertDuplicateCertificateChain

  bcrypt

  BCryptGenRandom

  vcruntime140

  _CxxThrowException

  __current_exception

  __CxxFrameHandler3

  memcmp

  memcpy

  memmove

  __C_specific_handler

  __current_exception_context

  memset

  api-ms-win-crt-string-l1-1-0

  strlen

  api-ms-win-crt-math-l1-1-0

  pow

  __setusermatherr

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  malloc

  free

  api-ms-win-crt-stdio-l1-1-0

  _set_fmode

  __p__commode

  api-ms-win-crt-runtime-l1-1-0

  _register_onexit_function

  _configure_narrow_argv

  _crt_atexit

  terminate

  _set_app_type

  _initialize_onexit_table

  _c_exit

  _register_thread_local_exe_atexit_callback

  _initialize_narrow_environment

  _get_initial_narrow_environment

  _seh_filter_exe

  _initterm

  _initterm_e

  exit

  _cexit

  _exit

  __p___argv

  __p___argc

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Sections

  .text

  Size: 2.4MB - Virtual size: 2.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 15KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 119KB - Virtual size: 119KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ