dllhost.exe
First submission 2024-09-30 12:07:03
File details
Field | Value |
---|---|
File type: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
Mime type: | application/x-dosexec |
File size: | 967.55 KB (990768 bytes) |
Compile time: | 2017-07-24 08:35:19 |
MD5: | 450228d72f9f726b645c55bbbc6db905 |
SHA1: | b26075c51a4681f2ff7407188f5e9480545a7aca |
SHA256: | 9124d7696d2b94e7959933c3f7a8f68e61a5ce29cd5934a4d0379c2193b126be |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Sections (5): | .text .rdata .data .ndata .rsrc |
Directories (3): | import resource security |
File features detected
Anti VM
XOR
OSINT Enrichments
Field | Value |
---|---|
Virus Total: | 16/77 (VT report date: 2024-09-30 08:12:12) |
Malware Type (1): | trojan |
Threat Type (1): | tedy |
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x626d | 25600 | dca5cbb0cc1595681bdd02f759c2717a25e2e71c | b2dd5d917f94d75528a11411abe5681c | |
.rdata | 0x8000 | 0x138e | 5120 | 613e9f1f18c58313b0e05bb3681015060648e0f2 | 2914bac53cd4485c9822093463e4eea6 | |
.data | 0xa000 | 0x20318 | 1536 | e0f49b481b8c596bd7c1903db7aa6cb58f7e9315 | c46c24ddc9bf88a6774bd207204164b9 | |
.ndata | 0x2b000 | 0x31000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rsrc | 0x5c000 | 0x6c2d0 | 443392 | 8965fb0869276077289784a35d220c020e3e7e5e | 4f3d39c7e86d8cf2186d2c5dc01043a3 | |
PE Resources 5
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc78e0 | 296 | |
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc7cf0 | 96 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc7d50 | 202 | |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc7e20 | 364 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc7f90 | 830 | |
Meta infos 3
Field | Value |
---|---|
InternalName: | atloidoaxoid.exe |
Translation: | 0x0409 0x04e4 |
Comments: | National Fuel Gas Company |
Anti debug functions 2
Function |
---|
FindWindowExW |
GetLastError |
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
6b9c8dfff9433b4503953f8f8a0db82b | 2577addaf85fef8994af94e0b3a94cf360fc294c | 2456 | 988312 |
Strings analysis - File found
Library |
---|
%s%s.dll |
ADVAPI32.dll |
SHELL32.dll |
COMCTL32.dll |
USER32.dll |
GDI32.dll |
ole32.dll |
KERNEL32.dll |
Strings analysis - Possible URLs found 1
http://nsis.sf.net/NSIS_Error |
Import functions
Name | Latest seen | MD5 |
---|---|---|
vbc.exe | 2022-09-02 08:02:02 | 619477a50eb1e8fedf93c113944763d0 |
cyyyzx.exe | 2022-12-18 07:06:02 | ffa7d9fdf7e81851ea4f2bcb490eb18a |
Damned-Setup.exe | 2023-04-16 12:19:10 | f5913abf02f4ed5946813fa3a43ebd67 |
delta-1683891759612-873837843.exe | 2023-05-12 15:37:32 | 26b177dd363e28b6ddb2d71a251e2030 |
delta-1683879590321-388561736.exe | 2023-05-12 22:37:31 | f55742b3d3713138dc24bb27a21b33dc |
delta-1683842322418-807128412.exe | 2023-05-12 22:52:32 | 63a15f2d142db04a5dba8bd39cc0db79 |
delta-1683843393380-489237934.exe | 2023-05-12 22:53:32 | 62df374103c96fd851bd2e62c056dc2f |
HBZ.exe | 2023-06-15 06:59:01 | cc0a1c96c14263e48f82965ff47e0521 |
LUK.exe | 2023-06-15 07:41:02 | 8f488bf3643183b3e0eddfb0ee888083 |
EYG.exe | 2023-06-19 15:43:02 | 3d4b36f562038a18fc835188470973c7 |
updater.exe?ex=665dec8e&is=665c9b0e&hm=e91c7c32352f1ef8db9da88575df7aa54cf0242635e24e888ef0761661d06029& | 2024-06-03 08:46:06 | dc1985ae4045df7f305918407c5efd08 |
Snake_IT_Project.exe?ex=66683fa0&is=6666ee20&hm=2cbb91973564d24c1f031ff6fbbd40303b1e76689fa19b4ed1af4f19f3fa4b45& | 2024-06-11 08:29:07 | 252e02142cb04a8f1ed6ff81af37b863 |
node.js.exe | 2024-07-07 18:48:21 | e4c1f362fc21b6536cd3948f43a765fe |
node.js.exe | 2024-07-11 11:35:14 | 9e6ba754b50c865d54a69075a65620ae |
audiodg.exe | 2024-09-25 09:23:04 | c5aceb5a91bf991604daec67bde90bc7 |