dtsh[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dtsh.dll
Size

37KB
MD5

db89f55600ff0af31f899a2a33689351
SHA1

f989f0b99a7037eddf987335eae197ba66123800
SHA256

b5afd14c268c1617f624e9332a50276fb337a37f8d2b2bda1a0c7d7d238ab0fc
SHA512

957c911cbd2331b214139feea0c45a1866b6ef2886a57506f33b9c1b789fc194659b3664c34003e9aec3c379f38657ba8d6e39c048498d43e8646766a6a686a7
SSDEEP

768:yAn3J96Q5NGJqquYwVusRsxadtkJ8JNw/kdsMBoO:ywWuYasJH/kaMBoO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dtsh.dll

Files

dtsh.dll
.dll windows:6 windows x64 arch:x64

42a44c2f5299132ee52a39a5bf9ce964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dtsh.pdb

Imports

msvcrt

free
_purecall
??2@YAPEAX_K@Z
_beginthreadex
calloc
memmove_s
memset
__C_specific_handler
malloc
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
??3@YAXPEAX@Z
_onexit
__dllonexit

advapi32

RegOpenKeyExW
RegCloseKey
ChangeServiceConfigW
StartServiceW
ControlService
OpenServiceW
QueryServiceConfigW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW

kernel32

LoadLibraryExW
RtlCaptureContext
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateActCtxW
GetProcAddress
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
RaiseException
Sleep
CreateEventW
CloseHandle
SetEvent
WaitForSingleObject
OpenEventW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

ole32

ObjectStublessClient4
HWND_UserUnmarshal
HWND_UserMarshal
ObjectStublessClient7
ObjectStublessClient6
HWND_UserUnmarshal64
HWND_UserFree64
ObjectStublessClient3
ObjectStublessClient5
HWND_UserMarshal64
HWND_UserFree
HWND_UserSize64
HWND_UserSize
CoSetProxyBlanket
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

rpcrt4

NdrOleAllocate
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrDllGetClassObject

oleaut32

SysFreeString
SysAllocString

firewallapi

FWChangeNotificationCreate
FWChangeNotificationDestroy

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42a44c2f5299132ee52a39a5bf9ce964

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

rpcrt4

oleaut32

firewallapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.orpc Size: 512B - Virtual size: 57B

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 960B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 21KB - Virtual size: 21KB

.orpc
Size: 512B - Virtual size: 57B

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 960B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 328B