devrtl[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

devrtl.dll
Size

55KB
MD5

aecb5b8febb075b26ff42994b97ad54d
SHA1

e3113390b8642980e50d29703d845bee9d0735bc
SHA256

98d52056ab041cbc30d6e2d9ba53d066d852d6918838496ec05274dc90c7b733
SHA512

fa78c6534e176cd27c3f610224125df9bd3f5e1196cd2b61ff85ed38061db911d87635d7966b214966159c54a0c4c628ec22e8feb6574558268524d59f901c89
SSDEEP

1536:YidIv7KvbJ9rf5wky9KtwPxl8+z7Ho5sbcbtloWnW:Yi2vWFRRSKal7I5M06WW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
devrtl.dll

Files

devrtl.dll
.dll windows:10 windows x86 arch:x86

e7bf0041311b44a682d0a2b5277cc7f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

devrtl.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o_toupper
_except_handler4_common
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
wcsrchr
wcschr
_o___std_type_info_destroy_list
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsFree
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsGetValue

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
CreateEventW
SleepEx
SetEvent
WaitForMultipleObjectsEx
CreateMutexW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameA

ntdll

NtOpenKey
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtSetInformationFile
NtQueryInformationFile
NtSetValueKey
RtlNtStatusToDosErrorNoTeb
NtQuerySystemInformation
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlNtStatusToDosError
RtlGetVersion
NtCreateKey
NtDeleteValueKey
NtQueryValueKey

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetFullPathNameW
GetFileAttributesW
WriteFile
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetFileInformationByHandle
CreateFileW
SetFilePointer
GetFileSize
DeleteFileW
FileTimeToLocalFileTime
FlushFileBuffers
CreateDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-0

MoveFileWithProgressW
CreateHardLinkW
MoveFileExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale
FormatMessageW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

Exports

Exports

DevRtlCloseTextLogSection
DevRtlCreateTextLogSectionA
DevRtlCreateTextLogSectionW
DevRtlGetThreadLogToken
DevRtlSetThreadLogToken
DevRtlWriteTextLog
DevRtlWriteTextLogError
NdxTableAddObject
NdxTableAddObjectToList
NdxTableClose
NdxTableFirstObject
NdxTableFirstObjectInList
NdxTableGetObjectName
NdxTableGetObjectType
NdxTableGetObjectTypeCount
NdxTableGetObjectTypeName
NdxTableGetPropertyTypeClass
NdxTableGetPropertyTypeCount
NdxTableGetPropertyTypeName
NdxTableGetPropertyValue
NdxTableNextObject
NdxTableObjectFromName
NdxTableObjectFromPointer
NdxTableOpen
NdxTableRemoveObject
NdxTableRemoveObjectFromList
NdxTableSetObjectPointer
NdxTableSetPropertyValue
NdxTableSetTypeDefinition

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7bf0041311b44a682d0a2b5277cc7f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l1-1-0

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB