d3d10.dll?ex=670cdff9&is=670b8e79&hm=feb51fdb6e7bd3fb1e220204e1d339d7714ce0be0ebd613a7932b8c077ef68c1&

First submission 2024-10-13 18:36:02

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1078.5 KB (1104384 bytes)
Compile time:	2022-11-28 16:39:59
MD5:	15c9072909a72490eb1092bcc7c037e7
SHA1:	da41f3fd32d982dfcad32b818baaf41eb7003330
SHA256:	ef6f600e68f76e9526edb785f37d9f7d53edc717830ec40ff8cc2a8e84319b49
Import Hash :	4f28e9d9ce05cb2af62079ae3e34c7ad
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	15/78 VT report date: 2024-10-13 17:01:37
Malware Type 1	trojan
Threat Type 1	gamehack

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1128590012196323418/1130426239103021116/d3d10.dll?ex=670cdff9&is=670b8e79&hm=feb51fdb6e7bd3fb1e220204e1d339d7714ce0be0ebd613a7932b8c077ef68c1&	cdn.discordapp.com	2024-10-13 18:36:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x51d5b	335360	5cbc415d8e8dd033cbd1663d0c9aec652e11fbe8	4fe92c4f196ebad5e6351cb86f94e66e
.rdata	0x53000	0xb85c6	755200	4c9430c95c0bf239e83a58cb9eef3016672a9325	740fe5ea92022280a4c9a448347623e6
.data	0x10c000	0x16e8	3584	6d328cfd6bd4a8c8d89551b24d25bd1aade2c838	1933138ccd354083d618a65e214d32e2
.pdata	0x10e000	0x1dc4	7680	671f246ebcfdb4c82a1705a94266451da8ff160e	a82eef863c1e479e483438f2850cff02
.rsrc	0x110000	0xf8	512	e79f720ed2af3d00835040830730667e18c2c33e	a284a44633c038deae3a3f41f4f0dc91
.reloc	0x111000	0x378	1024	b337863ed21f714c7d1b5ddcfa74972e2e62ee84	714ffbd50af10f32466ac06566e45c6d

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x110060	145

Anti debug functions 5

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Text
imgui_log.txt
Library
api-ms-win-core-synch-l1-2-0.dll
KERNEL32.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
SHELL32.dll
msvcp140.dll
ntdll.dll
api-ms-win-crt-string-l1-1-0.dll
D3DCompiler_43.dll
xinput9_1_0.dll
VCRUNTIME140_1.dll
IMM32.dll
api-ms-win-crt-filesystem-l1-1-0.dll
USER32.dll
api-ms-win-crt-runtime-l1-1-0.dll
xinput1_3.dll
xinput1_1.dll
api-ms-win-crt-heap-l1-1-0.dll
xinput1_4.dll
api-ms-win-crt-stdio-l1-1-0.dll
vcruntime140.dll
xinput1_2.dll
api-ms-win-crt-math-l1-1-0.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Strings analysis - Possible URLs found 3

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
https://fontawesome.com
http://www.google.com/fontshttp://www.hubertfischer.comThis

Import functions

api-ms-win-crt-filesystem-l1-1-0.dll 3 D3DCOMPILER_43.dll 1 api-ms-win-crt-heap-l1-1-0.dll 4 api-ms-win-crt-convert-l1-1-0.dll 2 api-ms-win-crt-string-l1-1-0.dll 3 VCRUNTIME140_1.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 13 KERNEL32.dll 57 api-ms-win-crt-math-l1-1-0.dll 9 api-ms-win-crt-utility-l1-1-0.dll 1 VCRUNTIME140.dll 14 SHELL32.dll 1 api-ms-win-crt-stdio-l1-1-0.dll 17 MSVCP140.dll 60 USER32.dll 24 IMM32.dll 3

Function	Address	Souspicious	Anti Debug
remove	0x180053560
_lock_file	0x180053568
_unlock_file	0x180053570

Function	Address	Souspicious	Anti Debug
D3DCompile	0x180053000

Function	Address	Souspicious	Anti Debug
free	0x180053580
malloc	0x180053588
_callnewh	0x180053590
calloc	0x180053598

Function	Address	Souspicious	Anti Debug
atof	0x180053548
strtoul	0x180053550

Function	Address	Souspicious	Anti Debug
strcmp	0x1800536f8
strncpy	0x180053700
strcpy_s	0x180053708

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x180053538

Function	Address	Souspicious	Anti Debug
terminate	0x1800535f8
_initterm	0x180053600
_initterm_e	0x180053608
_invalid_parameter_noinfo_noreturn	0x180053610
_cexit	0x180053618
_crt_atexit	0x180053620
_wassert	0x180053628
_seh_filter_dll	0x180053630
_configure_narrow_argv	0x180053638
_execute_onexit_table	0x180053640
_register_onexit_function	0x180053648
_initialize_onexit_table	0x180053650
_initialize_narrow_environment	0x180053658

Function	Address	Souspicious	Anti Debug
WideCharToMultiByte	0x180053030
GlobalUnlock	0x180053038
LoadLibraryA	0x180053040
QueryPerformanceFrequency	0x180053048
QueryPerformanceCounter	0x180053050
VirtualFree	0x180053058
VirtualAlloc	0x180053060
GetSystemInfo	0x180053068
VirtualQuery	0x180053070
HeapCreate	0x180053078
VirtualProtect	0x180053080
HeapFree	0x180053088
GetCurrentProcess	0x180053090
Thread32Next	0x180053098
Thread32First	0x1800530a0
GetCurrentThreadId	0x1800530a8
SuspendThread	0x1800530b0
ResumeThread	0x1800530b8
CreateToolhelp32Snapshot	0x1800530c0
GetLastError	0x1800530c8
HeapReAlloc	0x1800530d0
CloseHandle	0x1800530d8
HeapAlloc	0x1800530e0
GetProcAddress	0x1800530e8
GlobalFree	0x1800530f0
GetCurrentProcessId	0x1800530f8
GetModuleHandleW	0x180053100
FlushInstructionCache	0x180053108
SetThreadContext	0x180053110
OpenThread	0x180053118
DisableThreadLibraryCalls	0x180053120
InitializeSListHead	0x180053128
GetSystemTimeAsFileTime	0x180053130
IsDebuggerPresent	0x180053138
IsProcessorFeaturePresent	0x180053140
TerminateProcess	0x180053148
SetUnhandledExceptionFilter	0x180053150
UnhandledExceptionFilter	0x180053158
RtlVirtualUnwind	0x180053160
RtlLookupFunctionEntry	0x180053168
RtlCaptureContext	0x180053170
CreateEventW	0x180053178
WaitForSingleObjectEx	0x180053180
ResetEvent	0x180053188
SetEvent	0x180053190
DeleteCriticalSection	0x180053198
InitializeCriticalSectionAndSpinCount	0x1800531a0
LeaveCriticalSection	0x1800531a8
EnterCriticalSection	0x1800531b0
IsBadReadPtr	0x1800531b8
GetTickCount64	0x1800531c0
GlobalLock	0x1800531c8
GlobalAlloc	0x1800531d0
GetThreadContext	0x1800531d8
MultiByteToWideChar	0x1800531e0
Sleep	0x1800531e8
GetModuleHandleA	0x1800531f0

Function	Address	Souspicious	Anti Debug
acosf	0x1800535a8
atan2f	0x1800535b0
ceilf	0x1800535b8
fmodf	0x1800535c0
cosf	0x1800535c8
pow	0x1800535d0
powf	0x1800535d8
sinf	0x1800535e0
sqrtf	0x1800535e8

Function	Address	Souspicious	Anti Debug
qsort	0x180053718

Function	Address	Souspicious	Anti Debug
memchr	0x1800534c0
__C_specific_handler	0x1800534c8
__std_type_info_destroy_list	0x1800534d0
__std_exception_destroy	0x1800534d8
__std_exception_copy	0x1800534e0
__std_terminate	0x1800534e8
strstr	0x1800534f0
_CxxThrowException	0x1800534f8
__current_exception	0x180053500
__current_exception_context	0x180053508
memmove	0x180053510
memcpy	0x180053518
memcmp	0x180053520
memset	0x180053528

Function	Address	Souspicious	Anti Debug
SHGetSpecialFolderPathA	0x1800533e8

Function	Address	Souspicious	Anti Debug
fputc	0x180053668
fflush	0x180053670
__stdio_common_vsscanf	0x180053678
__stdio_common_vsprintf	0x180053680
_wfopen	0x180053688
fclose	0x180053690
fgetc	0x180053698
fwrite	0x1800536a0
fread	0x1800536a8
fgetpos	0x1800536b0
ftell	0x1800536b8
_get_stream_buffer_pointers	0x1800536c0
setvbuf	0x1800536c8
_fseeki64	0x1800536d0
fseek	0x1800536d8
fsetpos	0x1800536e0
ungetc	0x1800536e8

Function	Address	Souspicious	Anti Debug
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z	0x180053200
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z	0x180053208
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x180053210
_Query_perf_frequency	0x180053218
??1_Lockit@std@@QEAA@XZ	0x180053220
??0_Lockit@std@@QEAA@H@Z	0x180053228
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x180053230
?_Xbad_alloc@std@@YAXXZ	0x180053238
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x180053240
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x180053248
?id@?$ctype@D@std@@2V0locale@2@A	0x180053250
?_Xlength_error@std@@YAXPEBD@Z	0x180053258
_Thrd_sleep	0x180053260
_Query_perf_counter	0x180053268
_Xtime_get_ticks	0x180053270
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z	0x180053278
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x180053280
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x180053288
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x180053290
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x180053298
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1800532a0
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x1800532a8
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x1800532b0
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1800532b8
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x1800532c0
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x1800532c8
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1800532d0
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1800532d8
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z	0x1800532e0
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ	0x1800532e8
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z	0x1800532f0
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ	0x1800532f8
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x180053300
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x180053308
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x180053310
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z	0x180053318
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x180053320
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x180053328
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x180053330
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x180053338
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x180053340
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x180053348
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x180053350
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z	0x180053358
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x180053360
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z	0x180053368
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x180053370
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x180053378
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x180053380
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ	0x180053388
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x180053390
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x180053398
??Bid@locale@std@@QEAA_KXZ	0x1800533a0
?uncaught_exceptions@std@@YAHXZ	0x1800533a8
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x1800533b0
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x1800533b8
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x1800533c0
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x1800533c8
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x1800533d0
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x1800533d8

Function	Address	Souspicious	Anti Debug
LoadCursorA	0x1800533f8
ScreenToClient	0x180053400
GetCapture	0x180053408
ClientToScreen	0x180053410
IsChild	0x180053418
TrackMouseEvent	0x180053420
GetForegroundWindow	0x180053428
GetCursorPos	0x180053430
OpenClipboard	0x180053438
SetCapture	0x180053440
SetCursor	0x180053448
CloseClipboard	0x180053450
EmptyClipboard	0x180053458
GetClipboardData	0x180053460
SetClipboardData	0x180053468
DefWindowProcA	0x180053470
CreateWindowExA	0x180053478
GetWindowRect	0x180053480
GetSystemMetrics	0x180053488
CallWindowProcA	0x180053490
mouse_event	0x180053498
SetCursorPos	0x1800534a0
ReleaseCapture	0x1800534a8
GetClientRect	0x1800534b0

Function	Address	Souspicious	Anti Debug
ImmSetCompositionWindow	0x180053010
ImmGetContext	0x180053018
ImmReleaseContext	0x180053020