OnlineFix64.dll?ex=670c2d65&is=670adbe5&hm=dc7f593d8c2ccceac8a1a7909f282191a89ab7b09b7809d64ad37ab376a16995&

First submission 2024-10-13 19:30:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 4679.5 KB (4791808 bytes)
Compile time: 2022-03-28 14:45:09
MD5: 05fdda04525c97630c95e5095164cde3
SHA1: c77ee48196d6f0b59b92b2e8bd2d16b6a0a22884
SHA256: d80efa7ffc44b018e51f5528cf5b701e6c05c47108f2be98611f08591477b4ed
Import Hash : 4b8e5391ed1e2ba024790d409b61ce13
Sections (10): .text, .rdata, .data, .pdata, _RDATA, .of0, .of1, .of2, .reloc, .rsrc
Directories (5): import, export, resource, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 31/77 VT report date: 2024-10-12 23:56:44
Malware Type (3): hacktool, trojan, pua
Threat Type (2): crack, usblc924

URLs, FQDN and IP indicators (1)

URL: hXXps://cdn.discordapp.com/attachments/1277328137901834301/1294758582201352312/OnlineFix64.dll?ex=670c2d65&is=670adbe5&hm=dc7f593d8c2ccceac8a1a7909f282191a89ab7b09b7809d64ad37ab376a16995&
Host (FQDN/IP): cdn.discordapp.com
Date Added: 2024-10-13 19:30:02

PE Sections (8 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x19a290 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x19c000 0x8192e 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.data 0x21e000 0x4cc00 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.pdata 0x26b000 0x13380 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
_RDATA 0x27f000 0xf4 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.of0 0x280000 0x1a15b4 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.of1 0x422000 0x9a0 2560 da3b9912a4acfb8465807217510f569857994619 c10fda99ea4a5919b85004d8e1220529
.of2 0x423000 0x49090c 4786688 32baa93cc2134c5219b611ef9baaf14502216f49 b312245a909604dc399f9abe426feb8c
.reloc 0x8b4000 0xdc 512 f15a1a718d69d2f4ae1c3312056785a303a9c49c 5e6451a6039aa49c355a0d8231822485
.rsrc 0x8b5000 0x294 1024 675496e521f48d946c4a0199232cd3f7ee6f5a82 fc4969baf3c8feebca725168e0f3f75d

PE Resources (1)

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_RUSSIAN SUBLANG_RUSSIAN 0x8b5058 572

Meta infos (6)

LegalCopyright: Copyright (C) 2021-2022, 0xdeadc0de
FileVersion: 1.1.2.7
CompanyName: Online-Fix
Translation: 0x0007 0x04b0
FileDescription: Online-Fix Steamclient
ProductVersion: 1.1.2.7

Strings analysis - File found

Adobe Flash
r.swF
Library
ADVAPI32.dll
USER32.dll
B<SHELL32.dll
KERNEL32.dll
WLDAP32.dll
OnlineFix64.dll
WS2_32.dll

Strings analysis - Possible IPs found (1)

1.1.2.7

Import functions

PE Exports (60 suspicious)

Function Address
Breakpad_SteamMiniDumpInit 0x180054650
Breakpad_SteamSetAppID 0x180054660
Breakpad_SteamSetSteamID 0x180054670
Breakpad_SteamWriteMiniDumpSetComment 0x180054680
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId 0x180054690
CreateInterface 0x180054520
OnlineFix 0x180054360
ShellExecuteA 0x180054370
ShellExecuteW 0x1800543d0
Steam_BConnected 0x1800547d0
Steam_BGetCallback 0x180054430
Steam_BLoggedOn 0x1800547e0
Steam_BReleaseSteamPipe 0x1800547f0
Steam_ConnectToGlobalUser 0x180054800
Steam_CreateGlobalUser 0x180054810
Steam_CreateLocalUser 0x180054820
Steam_CreateSteamPipe 0x180054830
Steam_FreeLastCallback 0x180054840
Steam_GSBLoggedOn 0x180054860
Steam_GSBSecure 0x180054870
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient 0x180054880
Steam_GSGetSteamID 0x180054890
Steam_GSLogOff 0x1800548a0
Steam_GSLogOn 0x1800548b0
Steam_GSRemoveUserConnect 0x1800548c0
Steam_GSSendSteam2UserConnect 0x1800548d0
Steam_GSSendSteam3UserConnect 0x1800548e0
Steam_GSSendUserDisconnect 0x1800548f0
Steam_GSSendUserStatusResponse 0x180054900
Steam_GSSetServerType 0x180054910
Steam_GSSetSpawnCount 0x180054920
Steam_GSUpdateStatus 0x180054930
Steam_GetAPICallResult 0x180054480
Steam_GetGSHandle 0x180054850
Steam_InitiateGameConnection 0x180054940
Steam_LogOff 0x180054950
Steam_LogOn 0x180054960
Steam_ReleaseThreadLocalMemory 0x180054970
Steam_ReleaseUser 0x180054980
Steam_SetLocalIPBinding 0x180054990
Steam_TerminateGameConnection 0x1800549a0
hid_close 0x1800546a0
hid_enumerate 0x1800546b0
hid_error 0x1800546c0
hid_exit 0x1800546d0
hid_free_enumeration 0x1800546e0
hid_get_feature_report 0x1800546f0
hid_get_indexed_string 0x180054700
hid_get_manufacturer_string 0x180054710
hid_get_product_string 0x180054720
hid_get_serial_number_string 0x180054730
hid_init 0x180054740
hid_open 0x180054750
hid_open_path 0x180054760
hid_read 0x180054770
hid_read_timeout 0x180054780
hid_send_feature_report 0x180054790
hid_set_nonblocking 0x1800547a0
hid_write 0x1800547b0
hid_write_output_report 0x1800547c0