RtlUpd[.]dll[.]exe

Resubmissions

24/12/2024, 06:27

241224-g7499asnhr 10

30/04/2024, 15:46

240430-s7lnpacb59 8

Sharing

Copy URL

Twitter E-mail

General

Target

RtlUpd.dll.exe
Size

62KB
MD5

c16bdc61bbc82e9668f8cee9cc5c94c5
SHA1

c2f98475c7be3064e0b294ef546f57d3c3a1e267
SHA256

6a195e6111c9a4b8c874d51937b53cd5b4b78efc32f7bb255012d05087586d8f
SHA512

9337275916970bd88fb1de18959bf587e29147cf6198e3a242679b198cca26d7ddeeda2e893145058444e494048768ac33ce36e75a44fb84b4a0c50a3814faae
SSDEEP

1536:yyMGpJvykUU0mVWUBmJyB1NjKOaSHGfuUF8u7J8NG3:nrpPUUXWXK1NoLfuQ8u7J8Nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RtlUpd.dll.exe

Files

RtlUpd.dll.exe
.dll regsvr32 windows:4 windows x64 arch:x64

9e89b06661c393195797fb70ceba29aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CopyFileW
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetCurrentDirectoryW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetTempPathW
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
ReadFile
SetCurrentDirectoryW
SetFilePointer
SetHandleInformation
SetLastError
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
_wcsnicmp
abort
calloc
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
strcat
strcpy
strerror
strlen
strncmp
vfprintf
wcscat
wcscmp
wcscpy
wcslen

shell32

CommandLineToArgvW
SHGetFolderPathW

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Start

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9e89b06661c393195797fb70ceba29aa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

ws2_32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 1024B - Virtual size: 576B

.rdata Size: 5KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 184B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 1024B - Virtual size: 576B

.rdata
Size: 5KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 184B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 100B