ctfmon[.]exe | Triage

General

Target

ctfmon.exe
Size

11KB
MD5

b625c18e177d5beb5a6f6432ccf46fb3
SHA1

abb864e1911c59f785b0e1822701b9a5ab31ba1e
SHA256

484fed5f039f429ed933931ba607b7efda7d1a343d79cfab60910e1843147012
SHA512

d908bbdc26504b7bf6527c6f436d1ba0edfd9d2d09981ece411551bb3c5e1cfd046675a09a98438c5c59a2a4d9ba689fb0f1dd017190df6705ea088f11cc0c7f
SSDEEP

96:09AOfIKFb3nPWsv+5g3U2QD6S1EswBm5R00hTTpTq6mmyJfLODJVpRKLsLEWhgWq:AX3DPWsD7DS1EswEnp5q6mmy1CMWhgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ctfmon.exe

Files

ctfmon.exe
.exe windows:10 windows x64 arch:x64

6fd43544fb51c12382cad7c88f550240

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSetInformation
GetStartupInfoW
WerSetFlags
GetCommandLineW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep

msvcrt

_fmode
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
?terminate@@YAXXZ
_commode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

msctfmonitor

DoMsCtfMonitor

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fd43544fb51c12382cad7c88f550240

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

msctfmonitor

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 204B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 204B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B