MsCtfMonitor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MsCtfMonitor.dll
Size

72KB
MD5

a357f38b8423b8933947a724d58eff36
SHA1

e47c6338dc7928e038fa94518cbe44e2ad2990d5
SHA256

7c754f5838b088ab8afd095080f0fc7cfe63c6ce67cb948351a92a8882c49c0a
SHA512

09c588ac2c4b89afff3cb747ab829ed2b25ad212df5039b99059a2d15ce97eaeaa91b60c675510cc500c0bbd9f4cf0ab56ba32822ff4607af065e288c682e810
SSDEEP

1536:B8VW7qASbDk3nfFeYap0If4GlKTj5mdJnOltCvpaC:tSw8pB4Gl8mdJOzCvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MsCtfMonitor.dll

Files

MsCtfMonitor.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ed53de3f8102866dc79bd49b2a761037

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MsCtfMonitor.pdb

Imports

msvcrt

malloc
free
_amsg_exit
_XcptFilter
memmove_s
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memcpy
memcpy_s
memcmp
_vsnwprintf
_initterm
memset

msctf

TF_CreateCicLoadWinStaMutex
TF_PostAllThreadMsg
TF_InitSystem
TF_CreateCicLoadMutex
TF_UninitSystem

msutb

GetPopupTipbar
ClosePopupTipbar

ntdll

RtlUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegEnumKeyExW
RegGetValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
TlsSetValue
TlsFree
TlsGetValue
TerminateThread
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
CreateThread
GetCurrentThreadId
SetProcessShutdownParameters

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
SetSecurityDescriptorDacl

kernel32

InitializeCriticalSectionEx
LocalFree
LocalAlloc
lstrlenW
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
ResetEvent
GetProductInfo
GetVersionExW
LoadLibraryW
WaitForMultipleObjects
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateMutexW
RaiseFailFastException
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LeaveCriticalSection
CreateSemaphoreExW
InitOnceComplete
CreateMutexExW
InitOnceBeginInitialize
FreeLibraryAndExitThread
FreeLibrary
CreateEventW
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
EnterCriticalSection
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
DeleteCriticalSection
OpenEventW
SetEvent
CloseHandle
GetLastError
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW

user32

GetKeyboardLayoutList
SetThreadDesktop
DefWindowProcW
PostQuitMessage
CreateWindowExW
UnregisterClassW
RegisterClassExW
LoadCursorW
DestroyWindow
KillTimer
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SetWindowPos
LoadStringW
SetTimer
GetThreadDesktop
FindWindowW
PostMessageW
DispatchMessageW

imm32

ImmDisableIME

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromCLSID

winsta

WinStationQueryInformationW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoMsCtfMonitor
InitLocalMsCtfMonitor
UninitLocalMsCtfMonitor

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed53de3f8102866dc79bd49b2a761037

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msctf

msutb

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

kernel32

user32

imm32

api-ms-win-core-com-l1-1-0

winsta

api-ms-win-service-management-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-security-sddl-l1-1-0

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB