ttdrecord.dll

  • File Path: C:\Windows\system32\ttdrecord.dll
  • Description: Time Travel Debugging Recording Manager

Hashes

Type Hash
MD5 AFCD3D203B00BF5D747E88449957F870
SHA1 1384286E93DD00BBD0502D8C88246381735FCDF1
SHA256 41DC52EE8599A4246AA6CF115B28A4C4A3747537828FA757AB50DACA0425D5F7
SHA384 C51A229827FDCF83EDA2004A5C886197DE9DC9941F53ADA5137E185D720311D1827EDF10FF99B6149CA17175841578F8
SHA512 640307916084B10827EFAAE0AD8EC991416C8D53761847C73F49FC7934394A382223A52FD3998E6819145317345EA0BE6DF42DF6D21115E6C42E2FA8F7629791
SSDEEP 12288:Qz4I1ZaT7W0jbZOIQq+ABqnq8ZDdeU96VSyCpP:74UT1bZOIttqnrZgUAVSyCpP
IMP 621E2BC87332925C1703AA431B903A96
PESHA1 64BD28BDD4511E503ED1C79D7477BB5AED4D4468
PE256 B131F9C0488864B2D4410F6DE3AFAC9479C0828CA32991D5CAAEC9C3767BB6AF

DLL Exports:

  • Function Name: ExecuteTTTracerCommandLine
  • Ordinal: 1
  • Type: Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TTDRecord.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/41dc52ee8599a4246aa6cf115b28a4c4a3747537828fa757ab50daca0425d5f7/detection/

Possible Misuse

The following table contains possible examples of ttdrecord.dll being misused. While ttdrecord.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: image_load_tttracer_mod_load.yml
  • Example: - '\ttdrecord.dll'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.