datdll.rar

First submission 2024-10-15 19:35:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 40.0 KB (40960 bytes)
Compile time: 2022-03-05 16:11:54
MD5: 21082f24acc2835ca29295729bff4d1c
SHA1: 7c3b45fce8effe3029f2a76adc14ad0389dea8b6
SHA256: 6aae60a32e444fdd0eaad750865fde8b604cb995776b07dddb3865d1e3ac3a2d
Import Hash: 399c4e86af8c1db069a69fbe120be19f
Sections 3 .text .data .rsrc
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://dow.andylab.cn/datdll.rar dow.andylab.cn 2024-10-15 19:35:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x67a0 28672 39dabd25ef9ab5c74c9362e647a58f23c161a72d d355f3c381b013e2fc382314495b5489
.data 0x8000 0xaa0 4096 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x9000 0xb8c 4096 713d2a063224fa753ae7a1ddd21a3a4759c0625c 171cba7c22f29757d8aeb1de7b483283

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x92e4 2216
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x92d0 20
RT_VERSION LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x90f0 480

Meta infos 6

InternalName: dat
ProductVersion: 2022.03.0005
Translation: 0x0804 0x04b0
ProductName: dat
OriginalFilename: dat.exe
FileVersion: 2022.03.0005

Packers detected 2

Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v5.0

Strings analysis - File found

Autogen
C:\Program Files (x86)\VB6Mini\bin\VB6.OLB
Data
taskkill /f /im NewTcp.Dat
Text
C\MirOfGame.txt
Library
taskkill /f /im MirYk360.dll
VBA6.DLL
VB5!6&vb6chs.dll
MSVBVM60.DLL
PSAPI.DLL

Import functions