DigitalSide Threat Intel

nuSjygs.pack

First submission 2024-10-15 10:21:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 245.5 KB (251392 bytes)
Compile time: 2024-09-13 03:42:56
MD5: 456c9a2f8300d5d3eae53785fb6e4985
SHA1: e65dccfbfc53fa29c7ca13bc7928e5579c6c4f4a
SHA256: e4fcea0890e2eef807aa90af73772e3f89cdb0864b81efed37f626da70506fda
Import Hash : 54b907ef88e1152a442e4781bba49bdc
Sections 5 .text .rdata .data .pdata .reloc
Directories 3 import export relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 47/77 VT report date: 2024-10-15 03:58:22
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://176.111.174.140/api/nuSjygs.pack VirusTotal Report 176.111.174.140 VirusTotal Report 2024-10-15 10:21:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xe207 58368 f902376ead74abf9abb9d64c984c9800118085d2 a803f59f55163a1ece46e8673fcc7b51
.rdata 0x10000 0x68b5 27136 dcada0edeebca48e0ec1b7c5bb28fedd69908187 481c085f186ad3ca953c44b47ea9e3d7
.data 0x17000 0x28f50 157696 9ffae41ff3f0c47443d18f11f5abee8d13668c44 33da6ec8e5107d28e54025492462ca6c
.pdata 0x40000 0xdb0 3584 e53a5118d6ee63017865b531a1b5843303ab1ae3 ed5a0c08afbdb69125f94ab3eba44708
.reloc 0x41000 0xda0 3584 5d358a5206ecca22e34edb2d68e12e104c583ece c6138d67bccc8177eb4876a79360ca46

Anti debug functions 11

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32First
Process32FirstW
Process32Next
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
Amscoree.dll
KernelBase.dll
USER32.dll
dKERNEL32.dll
mscoree.dll
WININET.dll
ADVAPI32.dll
SHELL32.dll
Core.dll
SHLWAPI.dll
ntdll.dll

Strings analysis - Possible IPs found 1

176.111.174.140

Strings analysis - Possible URLs found 3

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://176.111.174.140/api/diamotrix.pack
http://176.111.174.140/api/diamotrix32.pack

Import functions

Function Address Souspicious Anti Debug
InternetOpenW 0x1800103f0
HttpQueryInfoA 0x1800103f8
InternetCloseHandle 0x180010400
InternetReadFile 0x180010408
InternetOpenUrlW 0x180010410
Function Address Souspicious Anti Debug
LookupPrivilegeValueA 0x180010000
OpenProcessToken 0x180010008
AdjustTokenPrivileges 0x180010010
Function Address Souspicious Anti Debug
GetConsoleMode 0x180010020
GetConsoleCP 0x180010028
FlushFileBuffers 0x180010030
GetStringTypeW 0x180010038
LCMapStringEx 0x180010040
SetStdHandle 0x180010048
LoadLibraryW 0x180010050
OutputDebugStringW 0x180010058
LoadLibraryExW 0x180010060
SetFilePointerEx 0x180010068
WriteConsoleW 0x180010070
Thread32First 0x180010078
GetCurrentProcess 0x180010080
Process32First 0x180010088
WaitForSingleObject 0x180010090
CreateRemoteThread 0x180010098
OpenProcess 0x1800100a0
VirtualFreeEx 0x1800100a8
GetProcAddress 0x1800100b0
VirtualAllocEx 0x1800100b8
Process32Next 0x1800100c0
GetModuleHandleA 0x1800100c8
CreateToolhelp32Snapshot 0x1800100d0
CloseHandle 0x1800100d8
WriteProcessMemory 0x1800100e0
VirtualProtectEx 0x1800100e8
VirtualProtect 0x1800100f0
GetTempFileNameW 0x1800100f8
CreateFileA 0x180010100
lstrlenA 0x180010108
CreateProcessW 0x180010110
HeapAlloc 0x180010118
CompareFileTime 0x180010120
GetProcessHeap 0x180010128
WriteFile 0x180010130
GetProcessTimes 0x180010138
WideCharToMultiByte 0x180010140
Sleep 0x180010148
TerminateProcess 0x180010150
CreateFileW 0x180010158
lstrcatA 0x180010160
GetTempPathW 0x180010168
GetLastError 0x180010170
lstrcmpiA 0x180010178
Process32FirstW 0x180010180
IsWow64Process 0x180010188
Process32NextW 0x180010190
CreateMutexA 0x180010198
DeleteFileW 0x1800101a0
CreateThread 0x1800101a8
lstrcpyA 0x1800101b0
GetThreadContext 0x1800101b8
GetFileSize 0x1800101c0
SetThreadContext 0x1800101c8
GetNativeSystemInfo 0x1800101d0
CreateProcessA 0x1800101d8
ReadFile 0x1800101e0
MultiByteToWideChar 0x1800101e8
ResumeThread 0x1800101f0
HeapReAlloc 0x1800101f8
HeapFree 0x180010200
GetModuleHandleW 0x180010208
HeapCreate 0x180010210
Thread32Next 0x180010218
FlushInstructionCache 0x180010220
OpenThread 0x180010228
GetCurrentThreadId 0x180010230
GetCurrentProcessId 0x180010238
SuspendThread 0x180010240
VirtualQuery 0x180010248
VirtualFree 0x180010250
VirtualAlloc 0x180010258
GetSystemInfo 0x180010260
EncodePointer 0x180010268
DecodePointer 0x180010270
GetCommandLineA 0x180010278
RtlPcToFileHeader 0x180010280
RaiseException 0x180010288
RtlLookupFunctionEntry 0x180010290
RtlUnwindEx 0x180010298
ExitProcess 0x1800102a0
GetModuleHandleExW 0x1800102a8
HeapSize 0x1800102b0
GetStdHandle 0x1800102b8
GetModuleFileNameW 0x1800102c0
IsProcessorFeaturePresent 0x1800102c8
IsDebuggerPresent 0x1800102d0
IsValidCodePage 0x1800102d8
GetACP 0x1800102e0
GetOEMCP 0x1800102e8
GetCPInfo 0x1800102f0
SetLastError 0x1800102f8
GetFileType 0x180010300
InitializeCriticalSectionAndSpinCount 0x180010308
DeleteCriticalSection 0x180010310
InitOnceExecuteOnce 0x180010318
GetStartupInfoW 0x180010320
GetModuleFileNameA 0x180010328
QueryPerformanceCounter 0x180010330
GetSystemTimeAsFileTime 0x180010338
GetTickCount64 0x180010340
GetEnvironmentStringsW 0x180010348
FreeEnvironmentStringsW 0x180010350
RtlCaptureContext 0x180010358
RtlVirtualUnwind 0x180010360
UnhandledExceptionFilter 0x180010368
SetUnhandledExceptionFilter 0x180010370
FlsAlloc 0x180010378
FlsGetValue 0x180010380
FlsSetValue 0x180010388
FlsFree 0x180010390
EnterCriticalSection 0x180010398
LeaveCriticalSection 0x1800103a0
Function Address Souspicious Anti Debug
SHGetFolderPathA 0x1800103b0
Function Address Souspicious Anti Debug
NtQueryInformationProcess 0x180010420
Function Address Souspicious Anti Debug
PathFindFileNameW 0x1800103c0
PathFileExistsA 0x1800103c8
PathFindFileNameA 0x1800103d0
Function Address Souspicious Anti Debug
wsprintfA 0x1800103e0

PE Exports 1 suspicious

Function Address
?ReflectiveLoader@@YA_KXZ 0x18000d298

Related files by ImpHash 1 54b907ef88e1152a442e4781bba49bdc

Name Latest seen MD5
loader.bin 2024-10-15 22:04:03 079caee72a8dac67029b96992050be5b