ttd[.]exe[.]virus

Sharing

Copy URL Twitter E-mail

General

Target

ttd.exe.virus
Size

756KB
MD5

5b893ca214aa548b5e7d38c770fec5f3
SHA1

1992b37d0111a98e212e403e3c37606250efdd28
SHA256

1e188a7f7fc82bec76d1afaf640544a4d8b62bc0405eb3c9ee7f5972284c369e
SHA512

926dbad6171287494e6d36c2ff817df9018fbd125fbea3e3b5cc545020d6e9274613fa2bc0cf3331ddd3132b2deb223d5d8e8f89290f279f4f2316fab795f10b
SSDEEP

12288:gAkhigHE/TIWVe9Lv3vpS5rJ1NDFB6gDWib87Opr5Rpmi7dKi:NkYgHE/TIUe9Lv3vpS5rJ1NDFB6gDWih

Score

1^/10

Malware Config

Signatures

Files

ttd.exe.virus
.exe windows:4 windows x64 arch:x64

cd8ef81f2d3a4fee5540594a615e4342

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:85:63:36:9d:1a:89:86:f6:a9:c6:f5:45:46:a5:d9:4c:86:2c:b7:ff:8d:a8:78:0b:12:84:63:78:82:ba:cd
Signer

Actual PE Digest

c7:85:63:36:9d:1a:89:86:f6:a9:c6:f5:45:46:a5:d9:4c:86:2c:b7:ff:8d:a8:78:0b:12:84:63:78:82:ba:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libmlt-6

mlt_consumer_close
mlt_consumer_connect
mlt_consumer_is_stopped
mlt_consumer_position
mlt_consumer_purge
mlt_consumer_start
mlt_consumer_stop
mlt_environment_set
mlt_events_fire
mlt_events_listen
mlt_factory_close
mlt_factory_consumer
mlt_factory_filter
mlt_factory_init
mlt_factory_producer
mlt_filter_close
mlt_log_set_level
mlt_multitrack_clip
mlt_producer_close
mlt_producer_get_fps
mlt_producer_get_length
mlt_producer_get_speed
mlt_producer_position
mlt_producer_seek
mlt_producer_set_speed
mlt_profile_clone
mlt_profile_close
mlt_profile_from_producer
mlt_profile_init
mlt_profile_list
mlt_properties_close
mlt_properties_count
mlt_properties_get
mlt_properties_get_data
mlt_properties_get_int
mlt_properties_get_name
mlt_properties_get_value
mlt_properties_inc_ref
mlt_properties_inherit
mlt_properties_new
mlt_properties_parse
mlt_properties_serialise_yaml
mlt_properties_set
mlt_properties_set_data
mlt_properties_set_int
mlt_repository_consumers
mlt_repository_filters
mlt_repository_metadata
mlt_repository_presets
mlt_repository_producers
mlt_repository_transitions
mlt_service_attach
mlt_service_consumer

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadConsoleA
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fmode
_initterm
_isatty
_lock
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
free
fwrite
getc
getenv
isspace
localeconv
longjmp
malloc
mbstowcs
memcpy
memmove
memset
printf
raise
realloc
setlocale
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strrchr
strstr
vfprintf
wcslen
wcstombs

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd8ef81f2d3a4fee5540594a615e4342

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

c7:85:63:36:9d:1a:89:86:f6:a9:c6:f5:45:46:a5:d9:4c:86:2c:b7:ff:8d:a8:78:0b:12:84:63:78:82:ba:cdSigner

Headers

File Characteristics

Imports

libmlt-6

kernel32

msvcrt

shlwapi

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 512B - Virtual size: 328B

.rdata Size: 11KB - Virtual size: 10KB

.pdata Size: 3KB - Virtual size: 3KB

.xdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 5KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 441KB - Virtual size: 441KB

/31 Size: 18KB - Virtual size: 17KB

/45 Size: 24KB - Virtual size: 24KB

/57 Size: 8KB - Virtual size: 8KB

/70 Size: 4KB - Virtual size: 4KB

/81 Size: 76KB - Virtual size: 76KB

/92 Size: 5KB - Virtual size: 5KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

c7:85:63:36:9d:1a:89:86:f6:a9:c6:f5:45:46:a5:d9:4c:86:2c:b7:ff:8d:a8:78:0b:12:84:63:78:82:ba:cd
Signer

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 512B - Virtual size: 328B

.rdata
Size: 11KB - Virtual size: 10KB

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 441KB - Virtual size: 441KB

/31
Size: 18KB - Virtual size: 17KB

/45
Size: 24KB - Virtual size: 24KB

/57
Size: 8KB - Virtual size: 8KB

/70
Size: 4KB - Virtual size: 4KB

/81
Size: 76KB - Virtual size: 76KB

/92
Size: 5KB - Virtual size: 5KB