update2.pack
First submission 2024-10-14 23:01:02
File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 86.5 KB (88576 bytes)
Compile time: 2024-06-06 19:04:07
MD5: 44bbccd626da8b8cb487e360334e1d07
SHA1: 1ee19b38c0da64b550bd6e4d79b3753db89025c9
SHA256: 2f9b60e849eaa271ee6ab551bea892ae06f4d7d7157aa9343700e14a1e897822
Import Hash: 871086c9e3b96236ff9b47703345d31e
Sections (5): .text, .rdata, .data, .pdata, .reloc
Directories (3): import, export, relocation
URLs, FQDN and IP indicators 1
URL | Host (FQDN/IP) | Date Added
hXXp://176.111.174.140/api/update2.pack | 176.111.174.140 | 2024-10-14 23:01:02
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
.text | 0x1000 | 0xbd6f | 48640 | 8d2aafb0f8ce1dcda06875795d7d0c085bf212d7 | e0fdc4ebabab21d82cea169aefa9cb25 |
.rdata | 0xd000 | 0x6277 | 25600 | 6d9cef5e88d2d25b11be90702f09ed5fb931ebfe | eeb809400324da49d7b67ae662e9672c |
.data | 0x14000 | 0x3c70 | 6656 | 19e32fa4eeae6e5bbd44a8c477c577348da8150e | e7e884151ff92c8ba7c403ee9104ed2c |
.pdata | 0x18000 | 0xbf4 | 3072 | 480880d6fa16543d2b5444288f6bb53a2f7f37a4 | 418cb7e1755c58dcd8dd7412bb849787 |
.reloc | 0x19000 | 0xc9e | 3584 | d668488aa45692736c8befe91e4aacc12d0e4ab4 | 519e07d7767245d021977b034cc9fbcc |
GetLastError |
IsDebuggerPresent |
IsProcessorFeaturePresent |
OutputDebugStringW |
RaiseException |
TerminateProcess |
UnhandledExceptionFilter |
Strings analysis - File found
Library:
KERNEL32.dll
KernelBase.dll
USER32.dll
mscoree.dll
SHELL32.dll
SHLWAPI.dll
ntdll.dll
Web Page:
/pols/gate.php
/pols/screen.php
order.php
/login.php
Function | Address | Suspicious | Anti Debug
wsprintfA | 0x18000d300 | |
Function | Address
?ReflectiveLoader@@YA_KXZ | 0x18000b908