rtscom[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rtscom.dll
Size

132KB
MD5

ba99cd319ff4ef3b08295f029ba74514
SHA1

4ef7d0cbcab2d21a1e72a6c24d59c32ebb26a51b
SHA256

b5271fee55e4e4b7acf0d0604312cdd90e85cc2fa0699b31f214b0b4b2b9219d
SHA512

7a1702544d640701bd28ebd3d5b116734c7397c297afa6d9b839138251d2c32ed050e5d6b9388db1867556f0cc60d249e2c67a1b6995e8c09282b77f927421e3
SSDEEP

1536:3Aybdc+/5RR2aqdGjMbfrhHXmZsM7ILXQMzlQOk1pYT2A8HVgDOAbN94qNqXCTZf:Nc+hRoQ7ZOkzwa1gf5GXO8E9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rtscom.dll

Files

rtscom.dll
.dll regsvr32 windows:10 windows x86 arch:x86

8258380528a2740e88d156d8c38214c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rtscom.pdb

Imports

msvcrt

_XcptFilter
_initterm
?terminate@@YAXXZ
_except_handler4_common
_purecall
_lock
_unlock
__dllonexit
memcpy
memcmp
_ftol2_sse
_CxxThrowException
_CIsqrt
_CIpow
_CIlog
_CIatan2
realloc
wcscat_s
malloc
__CxxFrameHandler3
_onexit
??1type_info@@UAE@XZ
memmove
_isnan
_finite
free
_amsg_exit
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadResource
FreeLibrary
SizeofResource

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapCreate
HeapDestroy
HeapReAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

ntdll

EtwTraceMessage
RtlReportException
EtwEventUnregister
EtwEventRegister
EtwEventWriteTransfer
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8258380528a2740e88d156d8c38214c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-2-0

ntdll

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB