CT[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CT.exe
Size

272KB
MD5

925e6533a93a618e4b8ab70c51a59381
SHA1

8cb8e50a47085568aeb146e119a7c22a67bf7485
SHA256

a63f0f72733d9cfd88eb642ebc67cab4b11bbe0ba90cd140f676211adf79f1e3
SHA512

775336b26e0c17299c7b66fcc8ed5fbbf9259a88d4e7a9cc2ded7c8dbbdd6293d229804124140899f841652fd43f5dc65f133dfe9ffc9250c9bf3bb019f2faa4
SSDEEP

3072:76SKSYUaaYNUzbT1Xmk4/b1UHO57cO52DIIy/2EY0kiPDTaQKkqQb:76SICzseHOtcOh4iPD6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CT.exe

Files

CT.exe
.exe windows:4 windows x86

ca134c78b75a2c311478115e043983ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
GetStartupInfoA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetConsoleTitleA
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetLastError
GetSystemTimeAsFileTime

user32

SetFocus
PeekMessageA
TranslateMessage
MessageBoxA
DispatchMessageA

core

?appBaseDir@@YIPBDXZ
?GIsServer@@3HA
?GIsScriptable@@3HA
?GLazyLoad@@3HA
?GUseFrontEnd@@3HA
?GExec@@3PAVFExec@@A
?appGetDllHandle@@YIPAXPBD@Z
?appGetDllExport@@YIPAXPAXPBD@Z
?appPreExit@@YIXXZ
?appExit@@YIXXZ
?GIsStarted@@3HA
?SetProgressRange@FFeedbackContext@@UAEXMM@Z
?Flush@FOutputDevice@@UAEXXZ
?GCRCTable@@3PAKA
?GMalloc@@3PAVFMalloc@@A
??1FString@@QAE@XZ
??DFString@@QBEPBDXZ
?Logf@FOutputDevice@@QAAXW4EName@@PBDZZ
?appTimestamp@@YIPBD_N0@Z
?appRequestExit@@YIXH@Z
?LocalizeError@@YIPBDPBD00@Z
?GIsGuarded@@3HA
?appStrlen@@YIHPBD@Z
?appStrncat@@YIPADPADPBDH@Z
?appStrncpy@@YIPADPADPBDH@Z
?GErrorHist@@3PADA
?StaticShutdownAfterError@UObject@@SIXXZ
?appGetSystemErrorMessage@@YIPBDH@Z
?GLog@@3PAVFOutputDevice@@A
?GIsCriticalError@@3HA
?GIsEditor@@3HA
?GIsClient@@3HA
?Log@FOutputDevice@@QAEXW4EName@@PBD@Z
?GWarn@@3PAVFFeedbackContext@@A
?GLogHook@@3PAVFOutputDevice@@A
?GIsRunning@@3HA
?appUnwindf@@YAXPBDZZ
?ParseParam@@YIHPBD0@Z
?appCmdLine@@YIPBDXZ
?appGetVarArgs@@YIHPADHAAPBD@Z
?GIsSlowTask@@3HA
?appFailAssert@@YAXPBD0H@Z
?NotifyExec@FNotifyHook@@UAEXPAXPBD@Z
?NotifyPostChange@FNotifyHook@@UAEXPAX@Z
?NotifyPreChange@FNotifyHook@@UAEXPAX@Z
??_7FNotifyHook@@6B@
??_7FExec@@6B@
?GWindowManager@@3PAVUSubsystem@@A
?GIsRequestingExit@@3HA
?appSeconds@@YINXZ
?ParseObject@@YIHPBD0PAVUClass@@AAPAVUObject@@PAV2@@Z
?PrivateStaticClass@UClass@@0V1@A
?PrivateStaticClass@UObject@@0VUClass@@A
?StaticLoadClass@UObject@@SIPAVUClass@@PAV2@PAV1@PBD2KPAVUPackageMap@@@Z
?StaticConstructObject@UObject@@SIPAV1@PAVUClass@@PAV1@VFName@@K1PAVFOutputDevice@@1@Z
?GError@@3PAVFOutputDeviceError@@A
?GetTransientPackage@UObject@@SIPAVUPackage@@XZ
?IsChildOf@UStruct@@QBE_NPBV1@@Z
?GObjObjects@UObject@@0V?$TArray@PAVUObject@@@@A
?appStrcpy@@YIPADPADPBD@Z
?Names@FName@@0V?$TArray@PAUFNameEntry@@@@A
?GNull@@3PAVFOutputDevice@@A
?GFileManager@@3PAVFFileManager@@A
?appStrcat@@YIPADPADPBD@Z
?appPackage@@YIPBDXZ
?Parse@@YIHPBD0PADH@Z
?Serialize@FCompactIndex@@QAEXAAVFArchive@@@Z
?Initialized@FName@@0_NA
?appSprintf@@YAHPADPBDZZ
?appStricmp@@YIHPBD0@Z
?LocalizeGeneral@@YIPBDPBD00@Z
?Logf@FOutputDevice@@QAAXPBDZZ
??4FString@@QAEAAV0@PBD@Z
??8FString@@QBE_NPBD@Z
?Parse@@YIHPBD0AAVFString@@@Z
??0FString@@QAE@XZ
?ENGINE_VERSION@@3HA
?GConfig@@3PAVFConfigCache@@A
?FindStat@FStatRecord@@QAEPAU1@PBD_N@Z
?Main@FStatRecord@@SIAAU1@XZ
??0FString@@QAE@PBD_N@Z
?GetPathName@UObject@@QBEPBDPAV1@PAD@Z
?Log@FOutputDevice@@QAEXPBD@Z
?ParseUBOOL@@YIHPBD0AAH@Z
??0FName@@QAE@PBDW4EFindName@@@Z
?Parse@@YIHPBD0AAVFName@@@Z
?ParseCommand@@YAHPAPBDPBD@Z
?appAtoi@@YAHPBD@Z
?appAtof@@YIMPBD@Z
?GetLanguage@UObject@@SIPBDXZ
??1FStringTemp@@QAE@XZ
??DFString@@QBE?AVFStringTemp@@ABV0@@Z
?GGlobalSettingsPath@@3VFString@@A
?Len@FString@@QBEHXZ
?GCurrProfilePath@@3VFString@@A
??0FStringTemp@@QAE@ABVFString@@@Z
?Mid@FString@@QBE?AVFStringTemp@@HH@Z
?InStr@FString@@QBEHPBD_N@Z
?appSaveStringToFile@@YIHABVFString@@PBDPAVFFileManager@@@Z
??HFString@@QBE?AVFStringTemp@@PBD@Z
??YFString@@QAEAAV0@PBD@Z
??YFString@@QAEAAV0@ABV0@@Z
?Printf@FString@@SA?AVFStringTemp@@PBDZZ
??9FString@@QBE_NPBD@Z
??0FString@@QAE@ABV0@@Z
??0FString@@QAE@ABVFStringTemp@@@Z
??4FString@@QAEAAV0@ABV0@@Z
??0FStringTemp@@QAE@PBD_N@Z
?appStrstr@@YIPADPBD0@Z
?appLoadFileToString@@YIHAAVFString@@PBDPAVFFileManager@@@Z
?Serialize@FString@@QAEXAAVFArchive@@@Z
?appInit@@YIXPBD0PAVFOutputDevice@@PAVFOutputDeviceError@@PAVFFeedbackContext@@P6IPAVFConfigCache@@XZH@Z

engine

?GEngine@@3PAVUEngine@@A
?PrivateStaticClass@AActor@@0VUClass@@A
?PrivateStaticClass@UGameEngine@@0VUClass@@A
?PrivateStaticClass@URenderDevice@@0VUClass@@A
?PrivateStaticClass@UEngine@@0VUClass@@A
?PrivateStaticClass@UCanvas@@0VUClass@@A

window

?OnUndo@WWindow@@UAEXXZ
?OnShowWindow@WWindow@@UAEXH@Z
?OnPaste@WWindow@@UAEXXZ
?OnCopy@WWindow@@UAEXXZ
?OnCut@WWindow@@UAEXXZ
?OnKeyDown@WWindow@@UAEXD@Z
?OnChar@WWindow@@UAEXD@Z
?OnActivate@WProperties@@UAEXH@Z
?OnSysCommand@WWindow@@UAEHH@Z
?OnCommand@WWindow@@UAEXH@Z
?OnMove@WWindow@@UAEXHH@Z
?OnWindowPosChanging@WWindow@@UAEXPAH000@Z
?OnSize@WProperties@@UAEXKHH@Z
?OnKillFocus@WWindow@@UAEXPAUHWND__@@@Z
?OnSetFocus@WWindow@@UAEXPAUHWND__@@@Z
?OnCopyData@WWindow@@UAEXPAUHWND__@@PAUtagCOPYDATASTRUCT@@@Z
?GetLength@WWindow@@UAEHXZ
?SetText@WWindow@@UAEXPBD@Z
?GetText@WWindow@@UAE?AVFString@@XZ
?InterceptControlCommand@WWindow@@UAEHIIJ@Z
?CallDefaultProc@WWindow@@UAEHIIJ@Z
?WndProc@WWindow@@UAEJIIJ@Z
?GetWindowClassName@WObjectProperties@@UAEXPAD@Z
?DoDestroy@WProperties@@UAEXXZ
?GetPackageName@WObjectProperties@@UAEPBDXZ
?Serialize@WProperties@@UAEXAAVFArchive@@@Z
?Show@WObjectProperties@@UAEXH@Z
?Unused@FCommandTarget@@UAEXXZ
??0WConfigProperties@@QAE@VFName@@PBD@Z
?OpenWindow@WProperties@@QAEXPAUHWND__@@@Z
??0WObjectProperties@@QAE@VFName@@KPBDPAVWWindow@@H@Z
?OnEraseBkgnd@WWindow@@UAEHXZ
?ScrollCaret@WEdit@@QAEXXZ
??1WObjectProperties@@UAE@XZ
??1WConfigProperties@@UAE@XZ
?Paste@WTerminal@@UAEXXZ
?TypeChar@WTerminal@@UAEXD@Z
?OnDestroy@WLog@@UAEXXZ
?OnClose@WLog@@UAEHXZ
?OnSetCursor@WWindow@@UAEHXZ
?OnFinishSplitterDrag@WWindow@@UAEXPAVWDragInterceptor@@H@Z
?OnCreate@WLog@@UAEXXZ
?OnPaint@WWindow@@UAEXXZ
?OnShowWindow@WLog@@UAEXH@Z
?OnActivate@WWindow@@UAEXH@Z
?OnCommand@WLog@@UAEXH@Z
?OnSize@WTerminal@@UAEXKHH@Z
?OnSetFocus@WTerminal@@UAEXPAUHWND__@@@Z
?OnCopyData@WLog@@UAEXPAUHWND__@@PAUtagCOPYDATASTRUCT@@@Z
?SetText@WLog@@UAEXPBD@Z
?WndProc@WLog@@UAEJIIJ@Z
?GetWindowClassName@WLog@@UAEXPAD@Z
?DoDestroy@WWindow@@UAEXXZ
?GetPackageName@WLog@@UAEPBDXZ
?Serialize@WWindow@@UAEXAAVFArchive@@@Z
?OpenWindow@WLog@@QAEXHH@Z
??0WLog@@QAE@PBDAAPAVFArchive@@VFName@@PAVWWindow@@@Z
?InitWindowing@@YIXXZ
??1WLog@@UAE@XZ
?RemoveActor@WProperties@@UAEXPAVAActor@@@Z
?GLogWindow@@3PAVWLog@@A
?SetExec@WTerminal@@QAEXPAVFExec@@@Z
?OnVScroll@WWindow@@UAEXIJ@Z
?OnKeyUp@WWindow@@UAEXIJ@Z
?OnHScroll@WWindow@@UAEXIJ@Z
?OnPaint@WProperties@@UAEXXZ
?OnCreate@WWindow@@UAEXXZ
?OnDrawItem@WWindow@@UAEXPAUtagDRAWITEMSTRUCT@@@Z
?OnMeasureItem@WWindow@@UAEXPAUtagMEASUREITEMSTRUCT@@@Z
?OnInitDialog@WWindow@@UAEXXZ
?OnEnterIdle@WWindow@@UAEXXZ
?OnMouseEnter@WWindow@@UAEXXZ
?OnMouseLeave@WWindow@@UAEXXZ
?OnMouseHover@WWindow@@UAEXXZ
?OnTimer@WWindow@@UAEXXZ
?OnReleaseCapture@WWindow@@UAEXXZ
?OnMdiActivate@WWindow@@UAEXH@Z
?OnMouseMove@WWindow@@UAEXKUFPoint@@@Z
?OnLeftButtonDown@WWindow@@UAEXXZ
?OnLeftButtonDoubleClick@WWindow@@UAEXXZ
?OnMiddleButtonDoubleClick@WWindow@@UAEXXZ
?OnRightButtonDoubleClick@WWindow@@UAEXXZ
?OnRightButtonDown@WWindow@@UAEXXZ
?OnLeftButtonUp@WWindow@@UAEXXZ
?OnRightButtonUp@WWindow@@UAEXXZ
?OnFinishSplitterDrag@WProperties@@UAEXPAVWDragInterceptor@@H@Z
?OnSetCursor@WProperties@@UAEHXZ
?OnClose@WPropertiesBase@@UAEHXZ
?OnDestroy@WProperties@@UAEXXZ
?MyDrawEdge@WWindow@@UAEXPAUHDC__@@PAUtagRECT@@H@Z
?GetRoot@WObjectProperties@@UAEPAVFTreeItem@@XZ
?GetDividerWidth@WProperties@@UAEHXZ
?ResizeList@WProperties@@UAEXXZ
?SetItemFocus@WProperties@@UAEXH@Z
?ForceRefresh@WProperties@@UAEXXZ
?BeginSplitterDrag@WProperties@@UAEXXZ
?GetRoot@WConfigProperties@@UAEPAVFTreeItem@@XZ
?ExpandAll@WProperties@@UAEXXZ
?RemoveActor@WObjectProperties@@UAEXPAVAActor@@@Z
?Show@WWindow@@UAEXH@Z
?GetPackageName@WConfigProperties@@UAEPBDXZ
?SetNotifyHook@WWindow@@QAEXPAVFNotifyHook@@@Z
?GetWindowClassName@WConfigProperties@@UAEXPAD@Z
?SetValue@WProperties@@UAEXPBD@Z

gamespymgr

??0GameSpyCDKeyResponseInterface@@QAE@XZ
??1GameSpyCDKeyResponseInterface@@QAE@XZ

winmm

timeEndPeriod
timeBeginPeriod

msvcr71

_acmdln
__CxxFrameHandler
_CxxThrowException
fflush
_iob
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_purecall
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_except_handler3
__security_error_handler
??1type_info@@UAE@XZ
memmove
puts
printf
getchar

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca134c78b75a2c311478115e043983ac

Headers

File Characteristics

Imports

kernel32

user32

core

engine

window

gamespymgr

winmm

msvcr71

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 172B

.rsrc Size: 204KB - Virtual size: 200KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 172B

.rsrc
Size: 204KB - Virtual size: 200KB