MTF[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MTF.dll
Size

196KB
MD5

6865f0e57d1d80f99d4f6333fa5b5f79
SHA1

0af5dfd455f651aa314063b2776cdeffd782dcd7
SHA256

6c58ae7237fd53b42ecec85858e088a91aff4f87552b1df413467c0db3f383ce
SHA512

946b94fe766a916aa0cee9adac6e085d87fc8434a442d1d5b476ecc97ffd6d69fe78ab27c1ef54946102d342308a9b4fdf64bbe7c5df1960b047925e3d1335c3
SSDEEP

6144:YT3khtMGmhMlRsxON1taGui/ktIpw6b30x:Q3khGJ6sC1tFui/ktI3wx

Score

1^/10

Malware Config

Signatures

Files

MTF.dll
.dll windows:10 windows x86 arch:x86

4227c4bf8d6aff1c7ad05c89de375cc4

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:e5:40:a6:ef:8c:46:7e:a4:e4:45:b8:c3:67:6b:4f:61:ca:79:63:d9:38:18:4d:cc:e8:c5:f4:f3:ce:56:d4
Signer

Actual PE Digest

fa:e5:40:a6:ef:8c:46:7e:a4:e4:45:b8:c3:67:6b:4f:61:ca:79:63:d9:38:18:4d:cc:e8:c5:f4:f3:ce:56:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MTF.pdb

Imports

msvcrt

??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_purecall
_CxxThrowException
memcpy_s
memcpy
_vsnwprintf
??0exception@@QAE@XZ
??1type_info@@UAE@XZ
??3@YAXPAX@Z
malloc
realloc
wcsncmp
toupper
_except_handler4_common
memmove
_XcptFilter
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
_amsg_exit
free
memcmp
??_V@YAXPAX@Z
_onexit
_initterm
_lock
_vsnprintf_s
memmove_s
_unlock
__dllonexit
__CxxFrameHandler3
_callnewh
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoCreateInstance
CoEnableCallCancellation
StringFromGUID2
CoCancelCall
CoDisableCallCancellation
CoGetClassObject

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
OpenSemaphoreW
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
EnterCriticalSection
AcquireSRWLockExclusive
SetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
EventProviderEnabled
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

coremessaging

CoreUICreate

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-rtcore-ntuser-window-l1-1-0

DispatchMessageW
PeekMessageW
TranslateMessage

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

coreuicomponents

CoreUIClientCreate

Exports

Exports

CreateInputTypeAttributes
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4227c4bf8d6aff1c7ad05c89de375cc4

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

fa:e5:40:a6:ef:8c:46:7e:a4:e4:45:b8:c3:67:6b:4f:61:ca:79:63:d9:38:18:4d:cc:e8:c5:f4:f3:ce:56:d4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-core-threadpool-legacy-l1-1-0

coremessaging

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-security-sddl-l1-1-0

coreuicomponents

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 165KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

fa:e5:40:a6:ef:8c:46:7e:a4:e4:45:b8:c3:67:6b:4f:61:ca:79:63:d9:38:18:4d:cc:e8:c5:f4:f3:ce:56:d4
Signer

.text
Size: 166KB - Virtual size: 165KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB