dllhost.exe

First submission 2024-09-30 12:07:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type: application/x-dosexec
File size: 967.55 KB (990768 bytes)
Compile time: 2017-07-24 08:35:19
MD5: 450228d72f9f726b645c55bbbc6db905
SHA1: b26075c51a4681f2ff7407188f5e9480545a7aca
SHA256: 9124d7696d2b94e7959933c3f7a8f68e61a5ce29cd5934a4d0379c2193b126be
Import Hash: b34f154ec913d2d2c435cbd644e91687
Sections: 5 (.text, .rdata, .data, .ndata, .rsrc)
Directories: 3 (import, resource, security)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 16/77 VT report date: 2024-09-30 08:12:12
Malware Type 1 trojan
Threat Type 1 tedy

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://192.3.220.22/430/dllhost.exe 192.3.220.22 2024-09-30 12:07:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x626d 25600 dca5cbb0cc1595681bdd02f759c2717a25e2e71c b2dd5d917f94d75528a11411abe5681c
.rdata 0x8000 0x138e 5120 613e9f1f18c58313b0e05bb3681015060648e0f2 2914bac53cd4485c9822093463e4eea6
.data 0xa000 0x20318 1536 e0f49b481b8c596bd7c1903db7aa6cb58f7e9315 c46c24ddc9bf88a6774bd207204164b9
.ndata 0x2b000 0x31000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x5c000 0x6c2d0 443392 8965fb0869276077289784a35d220c020e3e7e5e 4f3d39c7e86d8cf2186d2c5dc01043a3

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xc78e0 296
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0xc7cf0 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xc7d50 202
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xc7e20 364
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xc7f90 830

Meta infos 3

InternalName: atloidoaxoid.exe
Translation: 0x0409 0x04e4
Comments: National Fuel Gas Company

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
6b9c8dfff9433b4503953f8f8a0db82b 2577addaf85fef8994af94e0b3a94cf360fc294c 2456 988312

Strings analysis - File found

Library
%s%s.dll
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
USER32.dll
GDI32.dll
ole32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

Import functions
