nldupdater.exe

First submission 2023-01-22 20:49:07

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1303.0 KB (1334272 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 2175488e7dc5276453357f93818e07d7
SHA1: 70a063d0e61a827a1704b9a62b2ce30897db504e
SHA256: 91f87ab3470bff9e8f2d3f74a1ab559fda3ea18a0cf908444acf32edc851a0fe
Import Hash: ad34b9ef6b1c0ee220ca4623d694de2b
Sections: 8 (CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc)
Directories: 4 (relocation, tls, resource, import)
VirusTotal: 26/70
VT report date: 2023-01-22 10:25:06

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/downloads/nldupdater.exe abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com 2023-01-22 20:49:11

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0xb7e78 753664 8b173343567d46f0f042f2ceda196448d708f1b2 6930a65576ffbba7b0525499ae32b3a9
DATA 0xb9000 0x19508 103936 4311bb667f49cde9faa5fd4ff7c38babde32ce50 d30b0bd0e8be804a081c604f8b5e052a
BSS 0xd3000 0x1b31 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd5000 0x2428 9728 2440c87f53353dbd943d2351afb364ce040c826a c25c6ebaf6833f0c2be44440c26ed8f0
.tls 0xd8000 0x10 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xd9000 0x18 512 414ab69deed4a7f80c9f5745ed92ce8a9a0523c2 bd5c942eb22a57d7893da2692cb0f12e
.reloc 0xda000 0xc694 51200 6ab303231584e08af6194637061f04f348f78e1e 8467404174ed4bd7edc7f40904acd48f
.rsrc 0xe7000 0x65200 414208 0924b58a913ab77527310042add36b44dcce5b37 1a7d7a6889ab671199a7b4c9cb270a75

PE Resources 9

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0xe84fc 308
RT_BITMAP LANG_NEUTRAL SUBLANG_NEUTRAL 0xe9864 232
RT_ICON LANG_NEUTRAL SUBLANG_ARABIC_OMAN 0x101e54 270376
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0x143e7c 82
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x148430 724
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x148e98 11702
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x14bcc8 20
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_ARABIC_OMAN 0x14bcdc 90
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x14bd38 848

Meta infos 11

FileDescription: NLD Auto Updater
OriginalFilename:
LegalCopyright: nolimitdronez.com
Translation: 0x0409 0x04e4
InternalName:
Comments: Kepps NLD MOD Client up to date
LegalTrademarks: nolimitdronez.com
FileVersion: 1.0.0.0
ProductName: NLD Auto Updater
ProductVersion: 1.0.0.0
CompanyName: nolimitdronez.com

Anti debug functions 6

FindWindowA
GetLastError
GetWindowThreadProcessId
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
libssl32.dll
VERSION.dll
libeay32.dll
KERNEL32.dll
OLEAUT32.dll
wship6.dll
GDI32.dll
COMCTL32.dll
ADVAPI32.dll
IMM32.dll
PSAPI.DLL
UxTheme.dll
USER32.dll
WS2_32.dll
WININET.dll
Fwpuclnt.dll
MAPI32.dll
vcltest3.dll
MSWSOCK.DLL
ssleay32.dll

Strings analysis - Possible IPs found 2

127.0.0.1
0.0.0.1

Strings analysis - Possible URLs found 7

http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://www.indyproject.org/
https://
http://ns.adobe.com/xap/1.0/mm/
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://

Import functions