Does the MSDTC backdoor work on 64-bit systems with a 32-bit DLL?

Question

Does the MSDTC backdoor work on 64-bit systems with a 32-bit DLL?

Accepted Answer

No. On 64-bit systems, the MSDTC service launches the 64-bit version of `msdtc.exe` and therefore only loads 64-bit DLLs. The 32-bit `oci.dll` placed in `SysWOW64` will not be loaded. Attackers must use a 64-bit DLL for persistence on 64-bit systems.

Does the MSDTC backdoor work on 64-bit systems with a 32-bit DLL?

Explore More Q&A