CTFLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CTFLoader.exe
Size

700KB
MD5

c3e756cc851a4785134ba1eaa259f837
SHA1

a3467e066ffddb48e3b90fe417dc95d37c0bf36e
SHA256

580a1ad2dff4975296dfb0d407de2ea68f0f175ab8fb669150e2451cbda3d346
SHA512

75102a45e0a91a9128e2679dc28d8a1c434ccbf06b0d799d6f4d1361d31fe73d9b2c8e461573beff497082a683efb04e3e17d3d1c38622f1741b803f0a17fd5c
SSDEEP

12288:tOlFQeTNUg8nmaTgtTnwa5lB6gmuAXHTj+EDpw:yFQ0UZnzTg1PnB6cAXHTj+EDpw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CTFLoader.exe

Files

CTFLoader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 508KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ