home

drtl109.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.moddb.com and multiple other hosts.
MD5:
d2fee9f4a0e6b2512a575c69cb9af0dd

SHA-1:
989e3955a416a9b72a4e79160ef7b024889abf3b

SHA-256:
16c2814c80cd13deec72e4f1e2963201c5168732ffd4481c9b7e0610c8f380a0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 2:21:47 AM UTC  (today)

File size:
1.6 MB (1,660,993 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\drtl109.exe

File PE Metadata
Compilation timestamp:
3/17/2000 10:23:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:QHc+xKyGF4P6nLs2nsPdVuPlDVs/PMRQ+ZnG:74P6w2sFVutDm/SrA

Entry address:
0xC0CF

Entry point:
55, 8B, EC, 6A, FF, 68, 98, 77, 41, 00, 68, D0, E2, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, AC, 60, 41, 00, 33, D2, 8A, D4, 89, 15, 64, FE, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 60, FE, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 5C, FE, 41, 00, C1, E8, 10, A3, 58, FE, 41, 00, 6A, 01, E8, 4E, 20, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, F9, 1D, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
7.9464

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
84 KB (86,016 bytes)

The file drtl109.exe has been seen being distributed by the following 15 URLs.

http://www.moddb.com/downloads/mirror/38469/102/774d71a6ce421b5c99ec69cda0640a73/?referer=https://.../

http://www.gamefront.com/downloads/mirror/38469/110/636160cb8377e7d866a79989fbcc3af2/?referer=http://www.gamefront.com/games/.../downloads

http://www.moddb.com/downloads/mirror/38469/114/5607d7ee7b16650c9c7abe414575fc3b/?referer=https://.../

http://www.moddb.com/downloads/mirror/38469/.../05aa7430dd9456b0b71f865bda60ff9f

http://www.moddb.com/downloads/mirror/38469/112/7c26b325d6f69f1e52fed58fb8404d92/?referer=https://.../

http://www.moddb.com/downloads/mirror/38469/114/636160cb8377e7d866a79989fbcc3af2/?referer=https://.../

http://gamerz-bg.com/diablo1/.../drtl109.exe

http://www.moddb.com/downloads/mirror/38469/108/e951af2440ff30d24d61f86c2549ba81/?referer=https://.../

http://www.moddb.com/downloads/mirror/38469/108/7f9a0681b00087b7762f297b29dcdefd/?referer=https://.../

about:internet

http://diablo.phx.pl/download/item/.../

http://1woo.tistory.com/.../496ca94ba2948D8.exe

http://www.moddb.com/downloads/mirror/38469/.../cff9b958b6690a84a2d5eb442797d27c

http://freshmeat.1x.biz/.../drtl109.exe

http://ftp.blizzard.com/pub/diablo/patches/.../drtl109.exe

Scan drtl109.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.