ss29

First submission 2023-09-15 15:13:02

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 334.0 KB (342016 bytes)
Compile time: 2009-07-14 01:42:05
MD5: 15fa4fe448348d98873a2f4f358ac192
SHA1: 3107270a4b9343a973011e81d1d4d78e80677c91
SHA256: d756fc20143f79f3661e6c01acca255e60b8e645c3e6e8fea1e3bce8e34d1045
Import Hash : ce0c54abf9cb1706cf3f091f1f306b7f
Sections 5 .text .data .pdata .rsrc .reloc
Directories 4 import resource debug relocation
Virus Total: 25/71 VT report date: 2023-09-15 13:13:16

File features detected (the individual on/off markers did not survive extraction; the detail sections below show which checks produced matches)

Is DLL | Packers | Anti Debug | Anti VM | Signed | XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://ji.alie3ksgbb.com/m/ss29 | ji.alie3ksgbb.com | 2023-09-15 15:13:02

PE Sections 0 suspicious (virtual and raw sizes agree for every section, e.g. .text 0x47fb0 = 294,832 bytes virtual against 294,912 raw, and all five names are the standard MSVC linker sections, so no unpacking-stub pattern is present)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x47fb0 294912 b47b635dd5a1beb157d85a9fdb1a4d52c8117238 25f57ece98261f3e9f91ddf671ce0cf6
.data 0x49000 0x41f8 7680 6676d0dd3b45cfd95a6e456620244a440779f033 fcf20075cf5c59fa4771a5b869fd1ab4
.pdata 0x4e000 0x1d70 7680 6b10d9414ac1518a046471c0a6c4161e171a0830 fbbb48837422f336e3564f410feae2b8
.rsrc 0x50000 0x7000 28672 73308354a2c5ca076c7509e30646dcadb07095dd a49fca038c48761260e4ed41bc753194
.reloc 0x57000 0x6fa 2048 d4aa9cf4e1b965252984094c4c5b1a9a91b9a181 ea39b693efcb7ac03c1f7d787769fc83
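To show how the values in the section table and the Import Hash line are derived, here is an added example (not code from the analysis page or its tooling): a minimal PE32+ section-table walker that computes per-section SHA1/MD5 digests, a per-section "suspicious" verdict, the compile time from the COFF timestamp, and the imphash. The PE image is constructed inline so it runs without the sample; its section names and the dxdiag strings mirror the report, its bytes, sizes and digests do not, and the "suspicious" heuristics (non-standard name, writable+executable, virtual size far above raw size, entropy above 7 bits/byte) are this example's own, not necessarily the ones the report site uses.

```python
"""Added example: rebuild the per-section digests, section verdicts, compile time
and imphash that a static PE report lists. The PE below is CONSTRUCTED, not the
sample's bytes; the suspicious-section rules are this script's own heuristics."""
import hashlib
import math
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200
SCN_CODE, SCN_INIT, SCN_DISCARD = 0x00000020, 0x00000040, 0x02000000
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
COMMON_NAMES = {".text", ".data", ".rdata", ".pdata", ".rsrc", ".reloc", ".idata", ".tls", ".bss"}
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def _align(n, a):
    return (n + a - 1) // a * a


def build_pe32plus(sections, timestamp):
    """Assemble a tiny PE32+ file from (name, raw_bytes, flags) tuples."""
    n = len(sections)
    headers_len = _align(0x40 + 4 + 20 + 240 + 40 * n, FILE_ALIGN)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, n, timestamp, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(240, b"\0")          # PE32+ magic, rest zeroed
    table, body, rva, raw_ptr = bytearray(), bytearray(), 0x1000, headers_len
    for name, raw, flags in sections:
        raw_size = _align(len(raw), FILE_ALIGN)
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"),
                             len(raw), rva, raw_size, raw_ptr, 0, 0, 0, 0, flags)
        body += raw.ljust(raw_size, b"\0")
        rva, raw_ptr = _align(rva + raw_size, 0x1000), raw_ptr + raw_size
    head = bytes(dos) + b"PE\0\0" + coff + opt + bytes(table)
    return head.ljust(headers_len, b"\0") + bytes(body)


def entropy(buf):
    """Shannon entropy in bits per byte; close to 8.0 means compressed/encrypted."""
    if not buf:
        return 0.0
    counts = [buf.count(b) for b in set(buf)]
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts)


def analyze(data):
    """Walk the section table like a static report and attach heuristic verdicts."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    machine, n, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x20B:
        raise ValueError("not PE32+")
    sections = []
    for i in range(n):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, flags) = struct.unpack_from(SECTION_HDR, data, opt_off + opt_size + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        raw = data[raw_ptr:raw_ptr + raw_size]
        why = []
        if name not in COMMON_NAMES:
            why.append("non-standard name")
        if flags & SCN_EXEC and flags & SCN_WRITE:
            why.append("writable+executable")
        if vsize >= 0x1000 and vsize > 4 * raw_size:   # room reserved for unpacked code
            why.append("virtual size far exceeds raw size")
        if entropy(raw) > 7.0:
            why.append("high entropy")
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize, "size": raw_size,
                         "sha1": hashlib.sha1(raw).hexdigest(),
                         "md5": hashlib.md5(raw).hexdigest(), "suspicious": why})
    return {"machine": machine, "sections": sections,
            "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")}


def imphash_input(imports):
    """Normalise (dll, function) pairs as imphash does: lower-case, strip .dll/.ocx/.sys,
    keep import-table order. Simplification: ordinals are rendered as ordN throughout,
    whereas pefile maps the ordinals of a few well-known DLLs back to names."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append(f"{dll}.{f'ord{func}' if isinstance(func, int) else func.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


# Constructed inputs: four ordinary MSVC sections plus one packer-style section that the
# heuristics should flag. The timestamp is the report's compile time, round-tripped.
SAMPLE_TIMESTAMP = int(datetime(2009, 7, 14, 1, 42, 5, tzinfo=timezone.utc).timestamp())
SECTIONS = [
    (".text", b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\x48\x83\xc4\x28\xc3" * 40, SCN_CODE | SCN_EXEC | SCN_READ),
    (".data", b"dxdiag.xml\0dxdiag.txt\0dxdiagn.dll\0", SCN_INIT | SCN_READ | SCN_WRITE),
    (".rsrc", b"<ws xmlns='http://schemas.microsoft.com/SMI/2005/WindowsSettings'/>", SCN_INIT | SCN_READ),
    (".reloc", b"\x00\x10\x00\x00\x0c\x00\x00\x00\x10\xa0\x20\xa0", SCN_INIT | SCN_READ | SCN_DISCARD),
    (".upx1", bytes(range(256)) * 4, SCN_CODE | SCN_EXEC | SCN_READ | SCN_WRITE),
]
IMPORTS = [("KERNEL32.dll", "GetLastError"), ("KERNEL32.dll", "TerminateProcess"),
           ("USER32.dll", "MessageBoxW"), ("OLEAUT32.dll", 2)]

if __name__ == "__main__":
    result = analyze(build_pe32plus(SECTIONS, SAMPLE_TIMESTAMP))
    print("Compile time:", result["compile_time"], " imphash:", imphash(IMPORTS))
    for s in result["sections"]:
        print(f'{s["name"]:<7} {s["vaddr"]:#07x} {s["vsize"]:#07x} {s["size"]:>6} '
              f'{s["sha1"]} {s["md5"]} {"; ".join(s["suspicious"])}')
```

Run it as-is to see a table in the same layout as the report's; the constructed .upx1 section is the only row that gets a verdict (non-standard name, writable+executable, high entropy), which is the pattern a packed sample shows and this sample does not. To use it on a real file, replace the constructed image with `open(path, "rb").read()` and feed the import table (which this example does not parse) to `imphash`.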

PE Resources 4

Name Language Sublanguage Offset Size Data
MUI LANG_ENGLISH SUBLANG_ENGLISH_US 0x50378 224
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x56a50 176
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x56b84 48
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x56bb4 972

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

This is a compiler/linker signature match, not a packer: the signature database covers both, and the "(DLL)" variant does not even agree with the PE32+ executable (GUI) file type above. Read it as "built with MSVC, not packed", which the consistent section sizes also support.

Anti debug functions 5

GetLastError
OutputDebugStringA
RaiseException
TerminateProcess
UnhandledExceptionFilter

These are import-name matches. Four of the five are referenced by the MSVC CRT start-up and exception-handling code in ordinary release builds, and OutputDebugStringA is also common in legitimate diagnostic tools, so the count on its own is a weak signal; it says "MSVC-built", not "actively checks for a debugger".

Anti VM functions 1

VMCheck.dll

A string match rather than an import: VMCheck.dll is a VMware guest artefact name, and a program that looks for it is checking whether it runs inside a VMware guest. The same caveat applies: a single string hit is a lead to verify in a debugger, not a verdict.

Strings analysis - File found

XML: dxdiag.xml
Text: dxdiag.txt
Library: mscoree.dll, \..\..\dll\debugu\dxdiagn.dll, USER32.dll, KERNEL32.dll, msftedit.dll, \dxdiagn.dll, SHELL32.dll, OLEAUT32.dll, ntdll.dll, ADVAPI32.dll, COMCTL32.dll, COMDLG32.dll, ole32.dll

The dxdiag.xml/dxdiag.txt output names, the dxdiagn.dll references and the 2009-07-14 compile time are consistent with a Windows 7-era copy of the DirectX Diagnostic Tool (dxdiag.exe). Before reading anything into the heuristic hits above, compare the SHA256 with a known-good dxdiag.exe and check the Authenticode signature (the "Signed" feature above): a clean system binary, a patched one, and an imposter that borrowed its strings all produce this same listing.

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

This is the XML namespace of the embedded application manifest (the 972-byte RT_MANIFEST resource above), present in practically every modern Windows executable; it is an identifier, not a network indicator, and is not contacted at runtime. The only real network IOC on this page is the download URL in the indicators table.

Related samples (listed on the page under the heading "Import functions"; the rows are other submitted files with their last-seen time and MD5, not API imports)

Name | Latest seen | MD5
esgla2i5.exe | 2023-09-15 08:51:03 | 2273152b5565d0d47b6c59cb5099dc76
etty27.exe | 2023-09-15 10:53:03 | 670add147fa800c55dae647a90f9e4c1