LOADER.dll

First submission 2022-08-02 07:12:07

File details

File type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 63.5 KB (65024 bytes)
Compile time: 2022-06-27 14:28:55
MD5: 2f0b24e0a8943df9671cea03bac81f8a
SHA1: 54e9f933289b139903576833d6c46855ed7b2dd9
SHA256: c5682f04ceb5fdbc3aaeaa3723f240afcd17236922a5e18e35ce9303de2c529e
Import Hash: dae02f32a21e03ce65412f6e56942daa
Sections: 4 (.text, .sdata, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
Virus Total: 8/69
VT report date: 2022-08-02 04:34:01

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://files.ddrive.online/LOADER.dll files.ddrive.online 2022-08-02 07:12:07

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x94a4 38400 567a25adf17e3c5ae895628c7bc0b873c813f0b5 6640f65b5e1e72d2e7b399513f696f44
.sdata 0xc000 0x5c42 24064 2b15db8adaf327a31adf8be05804fb35202959f7 0add67e4ac25ef7c9ece08438dce976a
.rsrc 0x12000 0x28c 1024 f0d34d129eeb56b9c05929c4e7d6e46d4fd534f3 ea4cbb1b104f797eec93ebf342fc8cef
.reloc 0x14000 0xc 512 c5afbd7bed5a5eda916bcb30ac058d53782b5ce4 f5dc13d4e89006ed2a44ae53cacf6959

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x12058 564

Meta infos 8

FileDescription:
LegalCopyright:
Assembly Version: 0.0.0.0
Translation: 0x0000 0x04b0
InternalName: ETW.dll
FileVersion: 0.0.0.0
OriginalFilename: ETW.dll
ProductVersion: 0.0.0.0

Packers detected 4

Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET

Strings analysis - File found

Library
etw.dll
KERNEL32.dll
mscoree.dll

Strings analysis - Possible URLs found 1

file:///

Import functions
