DigitalSide Threat Intel

g1LZT0BP8O.dll

First submission 2024-10-15 07:38:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 448.0 KB (458752 bytes)
Compile time: 2017-11-21 16:46:29
MD5: 28c326b1a2950c4460fc88d3918190f1
SHA1: 85920286d4d8d618a9d875cc8f0c7f42a701338d
SHA256: 95bb514e3f5a84e2b064c0be7b2aa38a341548c0df2f223f0493b495ca83caf6
Import Hash : 3f8e7894c1e36fde5478398411ab694e
Sections 5 .text .rdata .data .rsrc .reloc
Directories 6 import export resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 31/78 VT report date: 2024-09-16 07:55:49
Malware Type 2 trojan pua
Threat Type 1 gamehack

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://cldup.com/g1LZT0BP8O.dll VirusTotal Report cldup.com VirusTotal Report 2024-10-15 07:38:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x49da9 302592 4019a98525fdb9ab962c6113e6d2545808683fde 99a06548e66749fc7b9e14e2fbff57cf
.rdata 0x4b000 0x2011a 131584 63a6fa7c242813f868a2e8fe74da6bcb78b119b0 63f4fa355c4fc242d411e904cfce536c
.data 0x6c000 0x82fc 6144 92747bab5f28f8c23bcea38de3d1b8a21951863e f40745a02cf92101ab8757bc6d70ab9c
.rsrc 0x75000 0x1e0 512 b87d071e1f70845ac92efb9de7ba1c7d5912140e 55e3b0561127101bdf19a504e55a40ca
.reloc 0x76000 0x4150 16896 be1fd0ac57c1f2757b38d09a968a3ace9d48c1f1 edf19bee888ec89f8d350fb4463e7e3e

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x75060 381

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Text
ClassID.txt
Library
api-ms-win-core-synch-l1-2-0.dll
KERNEL32.dll
api-ms-win-crt-utility-l1-1-0.dll
vphysics.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
USER32.dll
vguimatsurface.dll
vstdlib.dll
api-ms-win-crt-runtime-l1-1-0.dll
Client.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
materialsystem.dll
api-ms-win-crt-convert-l1-1-0.dll
vgui2.dll
api-ms-win-crt-math-l1-1-0.dll
WINMM.dll
dragon.dll
Engine.dll
msvcp140.dll

Import functions

Function Address Souspicious Anti Debug
_unlock_file 0x1004b1d0
_lock_file 0x1004b1d4
Function Address Souspicious Anti Debug
strftime 0x1004b2c8
clock 0x1004b2cc
_time64 0x1004b2d0
_localtime64 0x1004b2d4
Function Address Souspicious Anti Debug
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z 0x1004b088
?good@ios_base@std@@QBE_NXZ 0x1004b08c
?flags@ios_base@std@@QBEHXZ 0x1004b090
?width@ios_base@std@@QBE_JXZ 0x1004b094
?width@ios_base@std@@QAE_J_J@Z 0x1004b098
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ 0x1004b09c
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ 0x1004b0a0
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z 0x1004b0a4
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z 0x1004b0a8
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ 0x1004b0ac
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ 0x1004b0b0
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ 0x1004b0b4
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ 0x1004b0b8
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z 0x1004b0bc
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ 0x1004b0c0
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ 0x1004b0c4
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ 0x1004b0c8
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ 0x1004b0cc
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ 0x1004b0d0
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z 0x1004b0d4
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ 0x1004b0d8
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z 0x1004b0dc
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ 0x1004b0e0
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ 0x1004b0e4
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ 0x1004b0e8
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z 0x1004b0ec
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ 0x1004b0f0
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z 0x1004b0f4
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ 0x1004b0f8
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ 0x1004b0fc
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z 0x1004b100
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z 0x1004b104
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ 0x1004b108
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ 0x1004b10c
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z 0x1004b110
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z 0x1004b114
?_BADOFF@std@@3_JB 0x1004b118
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A 0x1004b11c
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z 0x1004b120
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 0x1004b124
?always_noconv@codecvt_base@std@@QBE_NXZ 0x1004b128
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z 0x1004b12c
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ 0x1004b130
??Bid@locale@std@@QAEIXZ 0x1004b134
?uncaught_exception@std@@YA_NXZ 0x1004b138
??1_Lockit@std@@QAE@XZ 0x1004b13c
??0_Lockit@std@@QAE@H@Z 0x1004b140
?_Xout_of_range@std@@YAXPBD@Z 0x1004b144
?_Xlength_error@std@@YAXPBD@Z 0x1004b148
?_Xbad_alloc@std@@YAXXZ 0x1004b14c
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z 0x1004b150
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z 0x1004b154
Function Address Souspicious Anti Debug
PlaySoundA 0x1004b1b8
Function Address Souspicious Anti Debug
malloc 0x1004b1dc
_callnewh 0x1004b1e0
free 0x1004b1e4
Function Address Souspicious Anti Debug
mbstowcs_s 0x1004b1c0
atof 0x1004b1c4
atoi 0x1004b1c8
Function Address Souspicious Anti Debug
strncmp 0x1004b2b0
isspace 0x1004b2b4
strcpy_s 0x1004b2b8
isdigit 0x1004b2bc
isalpha 0x1004b2c0
Function Address Souspicious Anti Debug
_invalid_parameter_noinfo 0x1004b21c
_configure_narrow_argv 0x1004b220
_initterm_e 0x1004b224
_initterm 0x1004b228
terminate 0x1004b22c
_cexit 0x1004b230
_crt_atexit 0x1004b234
_invalid_parameter_noinfo_noreturn 0x1004b238
_execute_onexit_table 0x1004b23c
_register_onexit_function 0x1004b240
_initialize_onexit_table 0x1004b244
_seh_filter_dll 0x1004b248
_initialize_narrow_environment 0x1004b24c
_errno 0x1004b250
Function Address Souspicious Anti Debug
Sleep 0x1004b000
CreateThread 0x1004b004
FreeLibraryAndExitThread 0x1004b008
GetTickCount64 0x1004b00c
Beep 0x1004b010
GetTickCount 0x1004b014
GetProcAddress 0x1004b018
VirtualProtect 0x1004b01c
GetCurrentProcess 0x1004b020
GetModuleHandleA 0x1004b024
K32GetModuleInformation 0x1004b028
GetStdHandle 0x1004b02c
IsBadCodePtr 0x1004b030
SetConsoleTextAttribute 0x1004b034
GetSystemTimeAsFileTime 0x1004b038
GetCurrentThreadId 0x1004b03c
GetCurrentProcessId 0x1004b040
QueryPerformanceCounter 0x1004b044
IsDebuggerPresent 0x1004b048
GetModuleHandleW 0x1004b04c
CreateEventW 0x1004b050
WaitForSingleObjectEx 0x1004b054
ResetEvent 0x1004b058
SetEvent 0x1004b05c
DeleteCriticalSection 0x1004b060
LeaveCriticalSection 0x1004b064
EnterCriticalSection 0x1004b068
CloseHandle 0x1004b06c
IsProcessorFeaturePresent 0x1004b070
TerminateProcess 0x1004b074
SetUnhandledExceptionFilter 0x1004b078
UnhandledExceptionFilter 0x1004b07c
InitializeSListHead 0x1004b080
Function Address Souspicious Anti Debug
rand 0x1004b2dc
Function Address Souspicious Anti Debug
_except_handler4_common 0x1004b178
__vcrt_InitializeCriticalSectionEx 0x1004b17c
strchr 0x1004b180
__std_type_info_destroy_list 0x1004b184
__std_exception_destroy 0x1004b188
__std_exception_copy 0x1004b18c
_CxxThrowException 0x1004b190
_purecall 0x1004b194
memcpy 0x1004b198
memcmp 0x1004b19c
__CxxFrameHandler3 0x1004b1a0
memmove 0x1004b1a4
memset 0x1004b1a8
strstr 0x1004b1ac
memchr 0x1004b1b0
Function Address Souspicious Anti Debug
ungetc 0x1004b258
setvbuf 0x1004b25c
fseek 0x1004b260
fread 0x1004b264
ferror 0x1004b268
fopen_s 0x1004b26c
ftell 0x1004b270
__stdio_common_vfprintf 0x1004b274
_fseeki64 0x1004b278
__acrt_iob_func 0x1004b27c
fwrite 0x1004b280
fsetpos 0x1004b284
__stdio_common_vsprintf_s 0x1004b288
_get_stream_buffer_pointers 0x1004b28c
fputc 0x1004b290
fgetpos 0x1004b294
fgetc 0x1004b298
fclose 0x1004b29c
fflush 0x1004b2a0
__stdio_common_vsprintf 0x1004b2a4
__stdio_common_vsnprintf_s 0x1004b2a8
Function Address Souspicious Anti Debug
_libm_sse2_atan_precise 0x1004b1ec
_except1 0x1004b1f0
_libm_sse2_sin_precise 0x1004b1f4
_libm_sse2_sqrt_precise 0x1004b1f8
_libm_sse2_pow_precise 0x1004b1fc
_CIfmod 0x1004b200
_libm_sse2_acos_precise 0x1004b204
floor 0x1004b208
fmaxf 0x1004b20c
_libm_sse2_cos_precise 0x1004b210
copysignf 0x1004b214
Function Address Souspicious Anti Debug
GetAsyncKeyState 0x1004b15c
ScreenToClient 0x1004b160
GetCursorPos 0x1004b164
MessageBoxA 0x1004b168
GetForegroundWindow 0x1004b16c
GetKeyNameTextA 0x1004b170

PE Exports 1 suspicious

Function Address
?ReflectiveLoader@@YGKXZ 0x1001ba50