MsCtfMonitor[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

MsCtfMonitor.dll
Size

19KB
MD5

b43687c534a49700bf4b3c9898763752
SHA1

06a90f687a27a0aad07cec86e6e0a23270c5b0bc
SHA256

b4c371cb2c0eac1803e6c845f629814b2ce4c568022eb6a1c9ac1f293bf74f40
SHA512

f4372435b11218f93cd1a8501a4214ad79648f2ca9a41a96303116ca2c9d057b087982385561e4baa71ec0bdaf52abee4aa301cfa38546114153c0e69f3cd852
SSDEEP

384:rjYvPmG46JT3MeKcgqVDCHKAPQJXUMomjBk1Z8lWVsqWkt:+P4SDMKHV+HKqQJXUMDjBk1QW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MsCtfMonitor.dll

Files

MsCtfMonitor.dll
.dll regsvr32 windows:6 windows x86 arch:x86

9ad8f703a4d10d7566c4d4475cdcfc53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MsCtfMonitor.pdb

Imports

msvcrt

_initterm
_amsg_exit
_except_handler4_common
free
malloc
_XcptFilter
memset
_vsnwprintf

msctf

TF_UninitSystem
TF_InitSystem
TF_CreateCicLoadMutex
TF_CreateCicLoadWinStaMutex
TF_PostAllThreadMsg

msutb

GetPopupTipbar
ClosePopupTipbar

ntdll

RtlUnhandledExceptionFilter

api-ms-win-core-localregistry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
TlsGetValue
TlsSetValue
GetCurrentProcess
TlsFree
TlsAlloc
CreateThread
SetProcessShutdownParameters
GetCurrentThreadId

kernel32

GetVersionExW
ResetEvent
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
lstrlenW
LocalFree
LocalAlloc
LoadLibraryW
GetModuleFileNameW
CloseHandle
InterlockedIncrement
WaitForSingleObject
SetEvent
InterlockedDecrement
FreeLibraryAndExitThread
FreeLibrary
CreateEventW
GetModuleHandleExW
GetProductInfo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedExchange

user32

KillTimer
SetTimer
FindWindowW
PostMessageW
CreateWindowExW
GetKeyboardLayoutList
GetThreadDesktop
SetThreadDesktop
LoadCursorW
RegisterClassExW
DefWindowProcW
PostQuitMessage
DestroyWindow
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SetWindowPos
UnregisterClassW

ole32

CoTaskMemFree
StringFromCLSID

winsta

WinStationQueryInformationW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoMsCtfMonitor
InitLocalMsCtfMonitor
UninitLocalMsCtfMonitor

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad8f703a4d10d7566c4d4475cdcfc53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msctf

msutb

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

kernel32

user32

ole32

winsta

wtsapi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 920B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 760B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 920B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 760B