update2.pack

First submission: 2024-10-14 23:01:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 86.5 KB (88576 bytes)
Compile time: 2024-06-06 19:04:07
MD5: 44bbccd626da8b8cb487e360334e1d07
SHA1: 1ee19b38c0da64b550bd6e4d79b3753db89025c9
SHA256: 2f9b60e849eaa271ee6ab551bea892ae06f4d7d7157aa9343700e14a1e897822
Import Hash: 871086c9e3b96236ff9b47703345d31e
Sections (5): .text, .rdata, .data, .pdata, .reloc
Directories (3): import, export, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 41/76 (VT report date: 2024-09-20 12:28:46)
Malware Type (2): trojan, pua
Threat Type (1): lazy

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
hXXp://176.111.174.140/api/update2.pack 176.111.174.140 2024-10-14 23:01:02

PE Sections (0 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xbd6f 48640 8d2aafb0f8ce1dcda06875795d7d0c085bf212d7 e0fdc4ebabab21d82cea169aefa9cb25
.rdata 0xd000 0x6277 25600 6d9cef5e88d2d25b11be90702f09ed5fb931ebfe eeb809400324da49d7b67ae662e9672c
.data 0x14000 0x3c70 6656 19e32fa4eeae6e5bbd44a8c477c577348da8150e e7e884151ff92c8ba7c403ee9104ed2c
.pdata 0x18000 0xbf4 3072 480880d6fa16543d2b5444288f6bb53a2f7f37a4 418cb7e1755c58dcd8dd7412bb849787
.reloc 0x19000 0xc9e 3584 d668488aa45692736c8befe91e4aacc12d0e4ab4 519e07d7767245d021977b034cc9fbcc

Anti debug functions (7)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
KernelBase.dll
USER32.dll
mscoree.dll
SHELL32.dll
SHLWAPI.dll
ntdll.dll
Web Page
/pols/gate.php
/pols/screen.php
order.php
/login.php

Import functions

PE Exports (1 suspicious)

Function Address
?ReflectiveLoader@@YA_KXZ 0x18000b908