sqlite3.dll

First submission: 2023-02-06 10:44:03
Last submission: 2024-10-18 08:14:02

File details

File type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
File size: 1081.05 KB (1106998 bytes)
Compile time: 2022-09-05 13:30:31
MD5: 1f44d4d3087c2b202cf9c90ee9d04b0f
SHA1: 106a3ebc9e39ab6ddb3ff987efb6527c956f192d
SHA256: 4841020c8bd06b08fde6e44cbe2e2ab33439e1c8368e936ec5b00dc0584f7260
Import Hash: e727d00364cd87d72f56e7ba919d1d40
Sections (18): .text .data .rdata .bss .edata .idata .CRT .tls .rsrc .reloc /4 /19 /31 /45 /57 /70 /81 /92
Directories (5): relocation tls resource export import

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 12


PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xb2584 730624 3b7a4f4b858a349697243ce91db2fc512735ff5f 89d6f610af1de26d89cae60c5c124719
.data 0xb4000 0x277c 10240 6db5f5f41ddded4713e36523aea7d82d38218835 4501d1fe23bbd866a3c2c73a2ec32e1d
.rdata 0xb7000 0x14470 83456 de6f4e8bf13d90ee6a0dacae216b397ef69d73fc a99bb0563ed0522b5bb0bfe968959c0b
.bss 0xcc000 0x828 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.edata 0xcd000 0x2a88 11264 0404a59ec74df184232540804ca179818b801c05 67abbc4618242a08389c62d3a0c71934
.idata 0xd0000 0xcd0 3584 5797f99c1e6350fd41d9a961b533283437011764 babe1772ea552a620c9f422179d8118d
.CRT 0xd1000 0x2c 512 6bc90b043830bd07cd71d09b6efa2e3b6a4770f1 dbb3501dc7d479f2883aa1c853359a4e
.tls 0xd2000 0x20 512 9950987b9446aae9654755b6d6fd0fe97ed4a27e c96e597f35f28ef79f86b2b585e50d3f
.rsrc 0xd3000 0x4a8 1536 f4cd965395bdca4962326f8cb2e85c68fba24879 b6ef939ec6981e8b10a257e873e2af71
.reloc 0xd4000 0x3c18 15872 f8f1b1e43a822a9ab6d6695cbf89f7ed17024165 d9751c33ee78fb3258e48a4ebafb8716
/4 0xd8000 0x538 1536 2fcf12b94072dcda33a7683dd4061eeea7ed7cc2 8ffb94093bfd9306022d64ed1cb62222
/19 0xd9000 0xc852 51712 7ab09ec33b8802c5c8d6da3ad042dbe68f7c615f 2ab86208130890d7d5de3b96ae522cbd
/31 0xe6000 0x275d 10240 98f7715c89a0fe456fbf641bcc6a308eba9ea474 2acd32ceee2eabb1b41b2156475cf2bf
/45 0xe9000 0x2d9a 11776 b9695ff9bce1f0a3bcf0c9d29a1f243ed125b9fd a4637db5bf16e80fa7296c4b918b59fe
/57 0xec000 0xb5c 3072 055c64c23d2214506caef63e8099f560139c24b0 64b9808ff1e60919af9f44f50e99d1e4
/70 0xed000 0x323 1024 125f0a4686f4ab36a2e70b3eeedc1ee28b38945a 2030959f875392ef618b84f7bea8535a
/81 0xee000 0x3a73 15360 47b036f0f87fc4fd3c2422e993c4b5cb0d0953c7 51642d84ad89c5891f7418af580540c7
/92 0xf2000 0x350 1024 015d30ce044b653cbb6c72868a9c10ab95539c85 12f4aae57e6ac90fc06369b130799fcf

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
SQLite3.dll
KERNEL32.dll
MSVCRT.dll
libgcj-16.dll

Strings analysis - Possible URLs found 1

http://www.sqlite.org/copyright.html

PE Exports 340 suspicious

Function Address
sqlite3session_table_filter 0x61eadb72
sqlite3session_patchset_strm 0x61eae215
sqlite3session_patchset 0x61eae248
sqlite3session_object_config 0x61eae346
sqlite3session_memory_used 0x61eae338
sqlite3session_isempty 0x61eae2ed
sqlite3session_indirect 0x61eae2b2
sqlite3session_enable 0x61eae277
sqlite3session_diff 0x61eadce1
sqlite3session_delete 0x61eadadf
sqlite3session_create 0x61eada13
sqlite3session_config 0x61eaf69f
sqlite3session_changeset_strm 0x61eae1e5
sqlite3session_changeset_size 0x61eae382
sqlite3session_changeset 0x61eae1b9
sqlite3session_attach 0x61eadb8d
sqlite3rebaser_rebase_strm 0x61eaf611
sqlite3rebaser_rebase 0x61eaf5aa
sqlite3rebaser_delete 0x61eaf67a
sqlite3rebaser_create 0x61eaf427
sqlite3rebaser_configure 0x61eaf55a
sqlite3changeset_start_v2_strm 0x61eae424
sqlite3changeset_start_v2 0x61eae3c1
sqlite3changeset_start_strm 0x61eae3ef
sqlite3changeset_start 0x61eae390
sqlite3changeset_pk 0x61eae49f
sqlite3changeset_op 0x61eae46f
sqlite3changeset_old 0x61e0f460
sqlite3changeset_next 0x61eae458
sqlite3changeset_new 0x61e0f49a
sqlite3changeset_invert_strm 0x61eaf16a
sqlite3changeset_invert 0x61eaf12b
sqlite3changeset_fk_conflicts 0x61eae4ff
sqlite3changeset_finalize 0x61eae522
sqlite3changeset_conflict 0x61eae4bf
sqlite3changeset_concat_strm 0x61eaf45b
sqlite3changeset_concat 0x61eaf4d6
sqlite3changeset_apply_v2_strm 0x61eaf27b
sqlite3changeset_apply_v2 0x61eaf1c0
sqlite3changeset_apply_strm 0x61eaf2ec
sqlite3changeset_apply 0x61eaf22d
sqlite3changegroup_output_strm 0x61eaf3e2
sqlite3changegroup_output 0x61eaf380
sqlite3changegroup_new 0x61eaf551
sqlite3changegroup_delete 0x61eaf402
sqlite3changegroup_add_strm 0x61eaf39c
sqlite3changegroup_add 0x61eaf33a
sqlite3_win32_write_debug 0x61e33442
sqlite3_win32_utf8_to_unicode 0x61eaced8
sqlite3_win32_utf8_to_mbcs_v2 0x61eacf92
sqlite3_win32_utf8_to_mbcs 0x61eacf69
sqlite3_win32_unicode_to_utf8 0x61eacef9
sqlite3_win32_sleep 0x61e334a4
sqlite3_win32_set_directory8 0x61eacfb8
sqlite3_win32_set_directory16 0x61ead052
sqlite3_win32_set_directory 0x61ead09e
sqlite3_win32_mbcs_to_utf8_v2 0x61eacf43
sqlite3_win32_mbcs_to_utf8 0x61eacf1a
sqlite3_win32_is_nt 0x61e335bf
sqlite3_wal_hook 0x61e05e49
sqlite3_wal_checkpoint_v2 0x61e8d5ef
sqlite3_wal_checkpoint 0x61e8d633
sqlite3_wal_autocheckpoint 0x61e0e763
sqlite3_vtab_rhs_value 0x61e2ef89
sqlite3_vtab_on_conflict 0x61e04ad3
sqlite3_vtab_nochange 0x61e03836
sqlite3_vtab_in_next 0x61e51269
sqlite3_vtab_in_first 0x61e51258
sqlite3_vtab_in 0x61e04f02
sqlite3_vtab_distinct 0x61e04f40
sqlite3_vtab_config 0x61e2c884
sqlite3_vtab_collation 0x61e28a5e
sqlite3_vsnprintf 0x61e2a162
sqlite3_vmprintf 0x61e42bdb
sqlite3_vfs_unregister 0x61e35558
sqlite3_vfs_register 0x61e3546e
sqlite3_vfs_find 0x61e353d4
sqlite3_version 0x61eca8a0
sqlite3_value_type 0x61e037c5
sqlite3_value_text16le 0x61e1fde1
sqlite3_value_text16be 0x61e1fdd0
sqlite3_value_text16 0x61e1ffa4
sqlite3_value_text 0x61e1f87f
sqlite3_value_subtype 0x61e037b1
sqlite3_value_pointer 0x61e11df1
sqlite3_value_numeric_type 0x61e32d74
sqlite3_value_nochange 0x61e037da
sqlite3_value_int64 0x61e0c9a6
sqlite3_value_int 0x61e0c999
sqlite3_value_frombind 0x61e037f3
sqlite3_value_free 0x61e0b4d0
sqlite3_value_dup 0x61e35bfa
sqlite3_value_double 0x61e191fc
sqlite3_value_bytes16 0x61e1f808
sqlite3_value_bytes 0x61e1f7ce
sqlite3_value_blob 0x61e1f8b8
sqlite3_user_data 0x61e0381b
sqlite3_uri_parameter 0x61e09ada
sqlite3_uri_key 0x61e09b68
sqlite3_uri_int64 0x61e11fa7
sqlite3_uri_boolean 0x61e09b35
sqlite3_update_hook 0x61e05d6d
sqlite3_txn_state 0x61e05a4a
sqlite3_transfer_bindings 0x61e1307a
sqlite3_trace_v2 0x61e05c7f
sqlite3_trace 0x61e05c2e
sqlite3_total_changes64 0x61e05a31
sqlite3_total_changes 0x61e05a3f
sqlite3_threadsafe 0x61e05987
sqlite3_thread_cleanup 0x61e05f75
sqlite3_test_control 0x61eaca78
sqlite3_temp_directory 0x61ecc024
sqlite3_table_column_metadata 0x61e8d0b6
sqlite3_system_errno 0x61e05e8b
sqlite3_strnicmp 0x61e019be
sqlite3_strlike 0x61e0a9fa
sqlite3_stricmp 0x61e01998
sqlite3_strglob 0x61e0a9df
sqlite3_str_vappendf 0x61e19208
sqlite3_str_value 0x61e01819
sqlite3_str_reset 0x61e0aef2
sqlite3_str_new 0x61e36a05
sqlite3_str_length 0x61e01808
sqlite3_str_finish 0x61e1aa6f
sqlite3_str_errcode 0x61e017f3
sqlite3_str_appendf 0x61e1a734
sqlite3_str_appendchar 0x61e1d54e
sqlite3_str_appendall 0x61e1d3dd
sqlite3_str_append 0x61e1d3a8
sqlite3_stmt_status 0x61e11748
sqlite3_stmt_readonly 0x61e03909
sqlite3_stmt_isexplain 0x61e03926
sqlite3_stmt_busy 0x61e03940
sqlite3_step 0x61e7485a
sqlite3_status64 0x61e2c73d
sqlite3_status 0x61e2c7cd
sqlite3_sql 0x61e03993
sqlite3_sourceid 0x61e0890e
sqlite3_soft_heap_limit64 0x61e3579a
sqlite3_soft_heap_limit 0x61e3586f
sqlite3_snprintf 0x61e2a1be
sqlite3_sleep 0x61e35437
sqlite3_shutdown 0x61ead189
sqlite3_set_last_insert_rowid 0x61e059e3
sqlite3_set_auxdata 0x61e1acc9
sqlite3_set_authorizer 0x61e040ac
sqlite3_serialize 0x61e8dc63
sqlite3_rtree_query_callback 0x61ead981
sqlite3_rtree_geometry_callback 0x61ead903
sqlite3_rollback_hook 0x61e05daf
sqlite3_result_zeroblob64 0x61e1ee15
sqlite3_result_zeroblob 0x61e1ee7c
sqlite3_result_value 0x61e1ec66
sqlite3_result_text64 0x61e2175a
sqlite3_result_text16le 0x61e21475
sqlite3_result_text16be 0x61e21456
sqlite3_result_text16 0x61e21494
sqlite3_result_text 0x61e20dee
sqlite3_result_subtype 0x61e03805
sqlite3_result_pointer 0x61e13a5e
sqlite3_result_null 0x61e0b3be
sqlite3_result_int64 0x61e0b35f
sqlite3_result_int 0x61e0b32d
sqlite3_result_error_toobig 0x61e1ec29
sqlite3_result_error_nomem 0x61e20cbe
sqlite3_result_error_code 0x61e2149a
sqlite3_result_error16 0x61e1ebf0
sqlite3_result_error 0x61e1e8c1
sqlite3_result_double 0x61e138f6
sqlite3_result_blob64 0x61e21706
sqlite3_result_blob 0x61e20dcf
sqlite3_reset_auto_extension 0x61ead136
sqlite3_reset 0x61e59035
sqlite3_release_memory 0x61e0179e
sqlite3_realloc64 0x61e3b57b
sqlite3_realloc 0x61e3a0ff
sqlite3_randomness 0x61e48a85
sqlite3_progress_handler 0x61e05bc0
sqlite3_profile 0x61e05cd7
sqlite3_preupdate_old 0x61e504d9
sqlite3_preupdate_new 0x61e34c77
sqlite3_preupdate_hook 0x61ead8ba
sqlite3_preupdate_depth 0x61e34c3d
sqlite3_preupdate_count 0x61e34c1f
sqlite3_preupdate_blobwrite 0x61e34c5f
sqlite3_prepare_v3 0x61e87e29
sqlite3_prepare_v2 0x61e878f8
sqlite3_prepare16_v3 0x61e8859d
sqlite3_prepare16_v2 0x61e88576
sqlite3_prepare16 0x61e8854f
sqlite3_prepare 0x61e84e6a
sqlite3_overload_function 0x61e4681d
sqlite3_os_init 0x61e354d1
sqlite3_os_end 0x61e34c0e
sqlite3_open_v2 0x61ead802
sqlite3_open16 0x61ead81a
sqlite3_open 0x61ead7e7
sqlite3_next_stmt 0x61e0395a
sqlite3_mutex_try 0x61e0176c
sqlite3_mutex_leave 0x61e01781
sqlite3_mutex_free 0x61e01746
sqlite3_mutex_enter 0x61e01759
sqlite3_mutex_alloc 0x61e35598
sqlite3_msize 0x61e017b6
sqlite3_mprintf 0x61e42ea8
sqlite3_memory_used 0x61e2c825
sqlite3_memory_highwater 0x61e2c855
sqlite3_memory_alarm 0x61e3343b
sqlite3_malloc64 0x61e369df
sqlite3_malloc 0x61e35921
sqlite3_log 0x61e2a4ce
sqlite3_load_extension 0x61e44dbd
sqlite3_limit 0x61e05e9c
sqlite3_libversion_number 0x61e0597d
sqlite3_libversion 0x61e05973
sqlite3_last_insert_rowid 0x61e059d5
sqlite3_keyword_name 0x61e051b3
sqlite3_keyword_count 0x61e051e8
sqlite3_keyword_check 0x61e13473
sqlite3_interrupt 0x61e08918
sqlite3_initialize 0x61e3502f
sqlite3_hard_heap_limit64 0x61e35893
sqlite3_global_recover 0x61ead8fc
sqlite3_get_table 0x61e8d680
sqlite3_get_auxdata 0x61e03851
sqlite3_get_autocommit 0x61e05f69
sqlite3_free_table 0x61e0b77e
sqlite3_free_filename 0x61e0b7cb
sqlite3_free 0x61e0ae03
sqlite3_finalize 0x61e5655a
sqlite3_filename_wal 0x61e09bfa
sqlite3_filename_journal 0x61e09bc1
sqlite3_filename_database 0x61e05fd1
sqlite3_file_control 0x61e16076
sqlite3_extended_result_codes 0x61e05f7a
sqlite3_extended_errcode 0x61e2d326
sqlite3_expired 0x61e03794
sqlite3_expanded_sql 0x61e1f629
sqlite3_exec 0x61e75015
sqlite3_errstr 0x61e0e70b
sqlite3_error_offset 0x61e2d2a4
sqlite3_errmsg16 0x61e2d3e1
sqlite3_errmsg 0x61e2d35e
sqlite3_errcode 0x61e2d2eb
sqlite3_enable_shared_cache 0x61e02ce4
sqlite3_enable_load_extension 0x61e34de8
sqlite3_drop_modules 0x61e23e54
sqlite3_deserialize 0x61e8de6c
sqlite3_declare_vtab 0x61e8b02b
sqlite3_db_status 0x61e17032
sqlite3_db_release_memory 0x61e154d5
sqlite3_db_readonly 0x61e06027
sqlite3_db_name 0x61e06009
sqlite3_db_mutex 0x61e05991
sqlite3_db_handle 0x61e038f9
sqlite3_db_filename 0x61e13884
sqlite3_db_config 0x61e14651
sqlite3_db_cacheflush 0x61e5291b
sqlite3_database_file_object 0x61e02a47
sqlite3_data_directory 0x61ecc020
sqlite3_data_count 0x61e038af
sqlite3_create_window_function 0x61e2cee0
sqlite3_create_module_v2 0x61e23e36
sqlite3_create_module 0x61e23d2a
sqlite3_create_function_v2 0x61e2ce9a
sqlite3_create_function16 0x61e2cf25
sqlite3_create_function 0x61e2cc50
sqlite3_create_filename 0x61e39e09
sqlite3_create_collation_v2 0x61e2d10b
sqlite3_create_collation16 0x61e2d199
sqlite3_create_collation 0x61e2d162
sqlite3_context_db_handle 0x61e03829
sqlite3_config 0x61e34e2e
sqlite3_complete16 0x61ead24a
sqlite3_complete 0x61e056f2
sqlite3_compileoption_used 0x61e09c1c
sqlite3_compileoption_get 0x61e06049
sqlite3_commit_hook 0x61e05d2b
sqlite3_column_value 0x61e118d9
sqlite3_column_type 0x61e11954
sqlite3_column_text16 0x61e1ff78
sqlite3_column_text 0x61e1f9e1
sqlite3_column_table_name16 0x61e1ff2a
sqlite3_column_table_name 0x61e1ff12
sqlite3_column_origin_name16 0x61e1ff5d
sqlite3_column_origin_name 0x61e1ff45
sqlite3_column_name16 0x61e1fe91
sqlite3_column_name 0x61e1fe79
sqlite3_column_int64 0x61e118b0
sqlite3_column_int 0x61e11884
sqlite3_column_double 0x61e2e46f
sqlite3_column_decltype16 0x61e1fec4
sqlite3_column_decltype 0x61e1feac
sqlite3_column_database_name16 0x61e1fef7
sqlite3_column_database_name 0x61e1fedf
sqlite3_column_count 0x61e0389a
sqlite3_column_bytes16 0x61e1f819
sqlite3_column_bytes 0x61e1f7dc
sqlite3_column_blob 0x61e1f9b5
sqlite3_collation_needed16 0x61e05f25
sqlite3_collation_needed 0x61e05ee1
sqlite3_close_v2 0x61e557d5
sqlite3_close 0x61e557c7
sqlite3_clear_bindings 0x61e0b431
sqlite3_changes64 0x61e05a18
sqlite3_changes 0x61e05a26
sqlite3_cancel_auto_extension 0x61e0468c
sqlite3_busy_timeout 0x61e0e714
sqlite3_busy_handler 0x61e05b72
sqlite3_blob_write 0x61e58f9a
sqlite3_blob_reopen 0x61e9875b
sqlite3_blob_read 0x61e58238
sqlite3_blob_open 0x61e97fc1
sqlite3_blob_close 0x61e5664b
sqlite3_blob_bytes 0x61e039a7
sqlite3_bind_zeroblob64 0x61e2d781
sqlite3_bind_zeroblob 0x61e2d714
sqlite3_bind_value 0x61e2d9b0
sqlite3_bind_text64 0x61e2d945
sqlite3_bind_text16 0x61e2d981
sqlite3_bind_text 0x61e2d916
sqlite3_bind_pointer 0x61e2d68c
sqlite3_bind_parameter_name 0x61e038dc
sqlite3_bind_parameter_index 0x61e158ca
sqlite3_bind_parameter_count 0x61e038ca
sqlite3_bind_null 0x61e2d65b
sqlite3_bind_int64 0x61e2d5e6
sqlite3_bind_int 0x61e2d635
sqlite3_bind_double 0x61e2d595
sqlite3_bind_blob64 0x61e2d8e7
sqlite3_bind_blob 0x61e2d8b8
sqlite3_backup_step 0x61e52f80
sqlite3_backup_remaining 0x61e03446
sqlite3_backup_pagecount 0x61e03451
sqlite3_backup_init 0x61e5501e
sqlite3_backup_finish 0x61e555d0
sqlite3_autovacuum_pages 0x61e05df1
sqlite3_auto_extension 0x61ead0a4
sqlite3_aggregate_count 0x61e0388c
sqlite3_aggregate_context 0x61e1d756