ModSkin_Eng.exe

First submission 2024-09-02 19:36:02 Last submission 2024-09-03 03:21:02

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Mime type: application/x-dosexec
File size: 894.0 KB (915456 bytes)
Compile time: 2024-04-17 00:33:50
MD5: 251506af767bc121f5e65970488030c1
SHA1: 14d507780c9750b22006bc27f3968b48d324ad56
SHA256: 24f9581c4c049a77f803fd49bd07186960d913063bd24f735d6a8c8aefd3b037
Import Hash : 3170940b28704bc5d652dfd321762d42
Sections 10 yJq1' .text .rsrc
Directories 3 import resource relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 53/78 VT report date: 2024-09-02 19:09:28
Malware Type 2 trojan miner
Threat Type 3 jalapeno msil dllinject

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://downloadsparrow.com/cl/ModSkin_Eng.exe downloadsparrow.com 2024-09-03 03:21:04
hXXps://downloadsparrow.com/cl/ModSkin_Eng.exe downloadsparrow.com 2024-09-02 19:36:02

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
0x1000 0x878f 34816 17edc450a17d2d1ee938af0ef83492ab6473061b b2b603ef4aaecf84010a92ce27caf6c4
0xa000 0x190 512 085c18100f154e0981ac9700e32c29a9c4f21569 482a3eb5a4c71494911e70ca5820f877
0xb000 0x3837e 230400 4a49cc14ece8a806cbf58261c9036eed9ce0d011 c0dcd1467eb1887cb863a28e41af9222
0x44000 0x1270 1536 f4c20834e4a720809f5117078a65c72af2b56043 a7b8d1713a4da383663149a0860f309f
0x46000 0x78 512 8ca5d8489b4fde07a1c60ce250f8306d8ad67291 9368c02453d7988d949e01379ef598ca
0x47000 0x26900 158208 f5cdcc9aacaa953318d7974027d5baff801123ef 0580c61b8e5c4130110dcd579e138486
0x6e000 0x90 512 4259624430103cd3b43ad55875c932b21d93fb81 d0d56df6054bb41e381aa9fe546fc904
yJq1' 0x6f000 0x3cfe4 249856 e11ea5975a59ebbf0070b1835207e4025ccde062 e4211ac9a37b0d19de54defea0223b97
.text 0xac000 0x1365c 79872 007bb220bc436ce751de1bd5adfce7bab9a1f463 efc63c779bab47651859f67b5d35da31
.rsrc 0xc0000 0x268f4 158208 b5a79f2b68f29e82e15ec22331bf07d5d16df861 8230cfd3534c29d58cdf95ed5560ac01

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_TURKISH SUBLANG_DEFAULT 0xc4630 138698
RT_GROUP_ICON LANG_TURKISH SUBLANG_DEFAULT 0xe63fc 76
RT_VERSION LANG_TURKISH SUBLANG_DEFAULT 0xe6448 804
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xe676c 392

Meta infos 9

LegalCopyright: Copyright (c) 2021-2023 Erdem Yılmaz
InternalName: TOOLGAMEPC.exe
FileVersion: 1.0.0.0
CompanyName: R3nzSoftware Inc.
ProductVersion: 1.0.0.0
FileDescription: TOOLGAMEPC DLL Injector
Translation: 0x041f 0x04b0
OriginalFilename: TOOLGAMEPC.exe
ProductName: TOOLGAMEPC DLL Injector

Strings analysis - File found

XML
System.Xml
Library
gToolGamePC-LOL.dll
KERNEL32.dll
\ToolGamePC-LOL.dll
api-ms-win-crt-utility-l1-1-0.dll
ADVAPI32.dll
api-ms-win-crt-time-l1-1-0.dll
mscoree.dll
api-ms-win-crt-runtime-l1-1-0.dll
msvcp140.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll

Strings analysis - Possible URLs found 3

https://toolgamepc.com
https://toolgamepc.blogspot.com/p/tgp.html
https://toolgamepc.com/

Import functions