CDT[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CDT.exe
Size

4.8MB
MD5

0e9c0b9e25b9edfc6192aa3d2a0af03c
SHA1

29bbfb885064b4f9563dcb6cbdbee46103a14f1d
SHA256

74003bc64a0f09a74e81e80664f4bccb73a733a2a526e110a8b893257cbee3f5
SHA512

c6d2dd9269bd979017710d7cb965cca8fe2b544425d8ed540c3caadbb6434edcfdc96d41e545bcbe928d3e5b8ff7192c31c9ddcc9b6130809ff00487470d9c03
SSDEEP

98304:wiQuE42N00DQDHO/sc5yor5Cvpau8tYVKAfz61ca9BsC9nAMS8QVjg:wRus00DQDHO/sc5yor5CvpawVVr6d1AG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CDT.exe

Files

CDT.exe
.exe windows:6 windows x86 arch:x86

c2576cbfab04831d32374265b7cfd906

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb

Imports

wininet

InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCanonicalizeUrlA
InternetWriteFile
InternetConnectA
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetGetConnectedState

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymInitialize
SymFromAddr

winmm

mciSendStringA
joyGetPosEx
joyGetPos
joyGetDevCapsA
mciGetErrorStringA

ws2_32

gethostname
socket
setsockopt
send
recvfrom
recv
listen
inet_ntoa
inet_addr
getsockopt
WSAStartup
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSACleanup
WSAGetLastError
WSAAddressToStringA
getaddrinfo
ioctlsocket
freeaddrinfo
sendto

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringW
UuidCreate

kernel32

FindFirstFileExA
GetFullPathNameA
SetCurrentDirectoryW
HeapReAlloc
GetTimeZoneInformation
MoveFileExW
SetFilePointerEx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
GetStringTypeW
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
PeekNamedPipe
GetFileType
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
EncodePointer
RtlUnwind
VirtualQuery
GetProcessHeap
HeapFree
FindNextFileA
IsValidCodePage
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
WaitForSingleObjectEx
CreateEventExW
OutputDebugStringA
MultiByteToWideChar
GetOEMCP
GetLastError
GetCurrentDirectoryW
DeleteFileW
GetFullPathNameW
SetLastError
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
GetFinalPathNameByHandleW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
RtlCaptureStackBackTrace
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringW
WriteConsoleW
SetEndOfFile
GetConsoleWindow
HeapSize
DeleteCriticalSection

user32

SetDlgItemTextW
GetDlgItemTextW
DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
SetWindowTextA
GetDlgItem
TranslateMessage
DispatchMessageW
PeekMessageW
IsDialogMessageW
CreateDialogParamW
GetForegroundWindow
UpdateWindow
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
BringWindowToTop
SetWindowPos
EndDialog
SetDlgItemTextA
DialogBoxParamW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
LoadImageW
LoadCursorW
SetProcessDPIAware
CallNextHookEx

gdi32

GetDeviceCaps
DeleteObject
SelectObject
CreateFontA

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

dwmapi

DwmGetCompositionTimingInfo

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1001KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 518KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2576cbfab04831d32374265b7cfd906

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

dxgi

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1001KB - Virtual size: 1000KB

.data Size: 518KB - Virtual size: 2.9MB

minATL Size: 512B - Virtual size: 12B

.mydata Size: 512B - Virtual size: 8B

.gfids Size: 512B - Virtual size: 412B

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1001KB - Virtual size: 1000KB

.data
Size: 518KB - Virtual size: 2.9MB

minATL
Size: 512B - Virtual size: 12B

.mydata
Size: 512B - Virtual size: 8B

.gfids
Size: 512B - Virtual size: 412B

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 44KB