avrt[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

avrt.dll
Size

14KB
MD5

139d3ab6aa920c34c50cbffb9eb7d222
SHA1

abd92afad16dfa7394ecb81d80b26b645de2f759
SHA256

5a5d205e16e6afdcc965e4144fe6e104157de7541d31727520363f2670513940
SHA512

57ff5ab82b3587459d861cf7ca74d912233b0db4277fd114798d0f5a7c566a0f3d559692b2e14f66434459f151721df78174b6757d8f548d47e3884bc3b779d5
SSDEEP

192:ImOBtOvLhLiItYs7Oj0DBJnce9wHK+yh3ghbaFOnokdD3pWNB24YOWrIoWc:IZCiIvQ0FJd5+23ghbboe3izNWrIoWc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
avrt.dll

Files

avrt.dll
.dll windows:6 windows x86 arch:x86

55802cb07f8e85f9dc44fcb941466fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

avrt.pdb

Imports

ntdll

RtlMultiByteToUnicodeN
RtlAllocateHeap
RtlMultiByteToUnicodeSize
NtAlpcSendWaitReceivePort
RtlNtStatusToDosError
RtlDeleteBoundaryDescriptor
NtOpenEvent
NtOpenPrivateNamespace
RtlAddSIDToBoundaryDescriptor
RtlCreateBoundaryDescriptor
RtlSubAuthoritySid
RtlInitializeSid
RtlCreateServiceSid
RtlLengthRequiredSid
RtlFreeHeap
NtDelayExecution
NtWaitForSingleObject
NtQueryValueKey
NtOpenKey
NtAlpcConnectPort
RtlDecodePointer
RtlEncodePointer
NtSetEvent
NtCreateEvent
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
RtlFreeSid
RtlAllocateAndInitializeSid
RtlUnwind
memset
NtClose
NtSetInformationThread
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlInitUnicodeStringEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
StartServiceW
OpenSCManagerW

Exports

Exports

AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvRtCreateThreadOrderingGroup
AvRtCreateThreadOrderingGroupExA
AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtLeaveThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmMaxThreadCharacteristicsA
AvSetMmMaxThreadCharacteristicsW
AvSetMmThreadCharacteristicsA
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55802cb07f8e85f9dc44fcb941466fb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-management-l1-1-0

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 828B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 376B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 828B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 376B