drt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

drt.dll
Size

216KB
MD5

a177f025aead96dc3df2c6f20d864658
SHA1

6be11f22a9529d268f30f149a9793e4917810de9
SHA256

30c11eb631099f9816b7de1389501b41450491f985c48ad4c75db9593dfe01fc
SHA512

6cdb9a221385055cf4259dfe83abb7b52e873a01101f854a48bfe45be9aa7cc052210237a730184cb26e78114329e95bb4430526e254b8c4d742a36fa2ec9ed9
SSDEEP

6144:NRB3FG4NYoT9sd7UfYz9MFfJ18dlt1PT3U:NRB1G4NYoTY4fYafJUt1PT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
drt.dll

Files

drt.dll
.dll windows:10 windows x86 arch:x86

9274cc4dc8bf203601bf331c946904b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

drt.pdb

Imports

msvcrt

malloc
free
memmove
_initterm
__CxxFrameHandler3
_purecall
memcpy
?terminate@@YAXXZ
_except_handler4_common
_XcptFilter
memcmp
_ftol2
_amsg_exit
memset

ntdll

wcspbrk
RtlHashUnicodeString
EtwEventWriteTransfer
_i64tow_s
_vsnwprintf
EtwTraceMessage
RtlInitUnicodeString
EtwEventActivityIdControl
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

kernel32

DuplicateHandle
DebugBreak
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateTimerQueue
DeleteTimerQueueEx
ChangeTimerQueueTimer
CompareFileTime
WaitForSingleObject
CreateTimerQueueTimer
DeleteTimerQueueTimer
RegisterWaitForSingleObject
UnregisterWaitEx
SetEvent
CloseHandle
CreateEventW
GetLastError
ResetEvent
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfIncrementULongCounterValue
PerfStartProviderEx
PerfStopProvider
PerfDeleteInstance
PerfCreateInstance
PerfDecrementULongCounterValue

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DrtClose
DrtContinueSearch
DrtEndSearch
DrtFlushCache
DrtGetCacheStatsEx
DrtGetEventData
DrtGetEventDataSize
DrtGetInstanceName
DrtGetInstanceNameSize
DrtGetSearchPath
DrtGetSearchPathSize
DrtGetSearchResult
DrtGetSearchResultSize
DrtHandlePowerEvent
DrtOpen
DrtPingPeer
DrtRegisterKey
DrtStartPartitionDetection
DrtStartSearch
DrtUnregisterKey
DrtUpdateKey

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9274cc4dc8bf203601bf331c946904b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-processthreads-l1-1-0

kernel32

api-ms-win-core-perfcounters-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 198KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 198KB - Virtual size: 198KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB