oyylqpp3ia.dll

First submission 2023-09-14 10:52:03

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1093.5 KB (1119744 bytes)
Compile time:	2023-09-11 18:15:16
MD5:	45f4c6ea59bc7a8c2d20098698104940
SHA1:	08b4a0c8d7824a0dbd89680a70f3029355cfafea
SHA256:	2aae03be2893a2d742528bbd737b4195d84f6d3663e9eeff8c646c53675d7838
Import Hash :	660e4ba65070c42e55f04efddf5f7d78
Sections 7	.text .rdata .data .pdata .gfids .rsrc .reloc
Directories 4	import export resource relocation
Virus Total:	16/67 VT report date: 2023-09-14 08:39:57

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://116.203.112.62/oyylqpp3ia.dll	116.203.112.62	2023-09-14 10:52:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xe80b	59904	3d8e61774c945a7111e7a882111428333ebf44fb	35624140f9f86e6e45576d7a803900dd
.rdata	0x10000	0x419b6	268800	0449bbe1d77e2148071b8ab122f7e98a2d886517	8dd1f6587a684641dfe0d3076c96ee3d
.data	0x52000	0xbfc88	781312	ae258df4865f2e3abf4f7e99260556471bcb7d49	a96ee2ea79638a1e37557e2042013166
.pdata	0x112000	0xe4c	4096	a1dbcfafd8f9621dd85fa703361e7a420ef196c6	253cd349c6e587a7e07354aee8edb0bf
.gfids	0x113000	0x94	512	b8db57937efb465ad950b3b78b8d34c1f47b6d1f	9598f4c961d5e93e2c06fe3b3cb0e8e9
.rsrc	0x114000	0x728	2048	0c55dd4c0998fed3b6019e177e9106fb279b7af0	cbc8a329d23b29cf1007bd2a03f54f84
.reloc	0x115000	0x61c	2048	a5275ad46cbaa99b9c42a3add3e1c0bc978cac5c	331f8941a7b3234693ac92e5c855b334

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114320	646	PE Resource: RT_STRING - Data %d 641! Moscow Detached.Harderflint Popular Listened? mental CompelledAlec compare Echo+ dip- %d Tales) Proceedingsickly_arrested_ Beehive burn Fuel9%d identical_ Cost? Puddle Despair Servant@ %d$ machineryknocked 439, Careers 599. Madame 419 492 515@213, Newspapers climate@ Spur%d %s\ 207$ 871( blond acorn
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x1145a8	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>
None	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114120	196

Name

Language

Sublanguage

Offset

Size

Data

RT_STRING

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114320

646

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x1145a8

381

None

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114120

196

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
mscoree.dll
utpcxre663tc32.dll
KERNEL32.dll

Import functions

KERNEL32.dll 79

Function	Address	Souspicious	Anti Debug
EnterCriticalSection	0x180010000
LeaveCriticalSection	0x180010008
InitializeCriticalSection	0x180010010
CloseHandle	0x180010018
GetLastError	0x180010020
GetCurrentActCtx	0x180010028
HeapCreate	0x180010030
TryEnterCriticalSection	0x180010038
CreateThread	0x180010040
OpenThread	0x180010048
FindFirstFileA	0x180010050
FindNextFileA	0x180010058
FindClose	0x180010060
WaitForSingleObject	0x180010068
GetStdHandle	0x180010070
WaitForMultipleObjects	0x180010078
GetCurrentThread	0x180010080
CreateFileMappingA	0x180010088
VirtualAlloc	0x180010090
DuplicateHandle	0x180010098
QueryPerformanceCounter	0x1800100a0
GetCurrentProcessId	0x1800100a8
GetCurrentThreadId	0x1800100b0
GetSystemTimeAsFileTime	0x1800100b8
InitializeSListHead	0x1800100c0
RtlCaptureContext	0x1800100c8
RtlLookupFunctionEntry	0x1800100d0
RtlVirtualUnwind	0x1800100d8
IsDebuggerPresent	0x1800100e0
UnhandledExceptionFilter	0x1800100e8
SetUnhandledExceptionFilter	0x1800100f0
GetStartupInfoW	0x1800100f8
IsProcessorFeaturePresent	0x180010100
GetModuleHandleW	0x180010108
RtlUnwindEx	0x180010110
InterlockedFlushSList	0x180010118
SetLastError	0x180010120
DeleteCriticalSection	0x180010128
InitializeCriticalSectionAndSpinCount	0x180010130
TlsAlloc	0x180010138
TlsGetValue	0x180010140
TlsSetValue	0x180010148
TlsFree	0x180010150
FreeLibrary	0x180010158
GetProcAddress	0x180010160
LoadLibraryExW	0x180010168
GetCurrentProcess	0x180010170
ExitProcess	0x180010178
TerminateProcess	0x180010180
GetModuleHandleExW	0x180010188
GetModuleFileNameA	0x180010190
MultiByteToWideChar	0x180010198
WideCharToMultiByte	0x1800101a0
HeapFree	0x1800101a8
HeapAlloc	0x1800101b0
LCMapStringW	0x1800101b8
FindFirstFileExA	0x1800101c0
IsValidCodePage	0x1800101c8
GetACP	0x1800101d0
GetOEMCP	0x1800101d8
GetCPInfo	0x1800101e0
GetCommandLineA	0x1800101e8
GetCommandLineW	0x1800101f0
GetEnvironmentStringsW	0x1800101f8
FreeEnvironmentStringsW	0x180010200
GetProcessHeap	0x180010208
GetFileType	0x180010210
GetStringTypeW	0x180010218
HeapReAlloc	0x180010220
HeapSize	0x180010228
SetStdHandle	0x180010230
RaiseException	0x180010238
WriteFile	0x180010240
FlushFileBuffers	0x180010248
GetConsoleCP	0x180010250
GetConsoleMode	0x180010258
SetFilePointerEx	0x180010260
WriteConsoleW	0x180010268
CreateFileW	0x180010270

PE Exports 1 suspicious

Function	Address
DllRegisterServer	0x18000f210

Name	Latest seen	MD5
jyi6mm2w2g.dll	2023-09-14 10:54:03	7d2156efddf126dfb4c466da06f15e11
6sev8udq1h.dll	2023-09-14 10:55:02	3a96a42f6d6334a36d2ea26abb0a2c95
i9ien8gksg.dll	2023-09-14 10:56:02	fcbb53724b1df93a5d1fc45bb55b9069
hk1c9y18em.dll	2023-09-14 10:57:03	a6ac1a8bb63362ed7515f2ca02fb52be

oyylqpp3ia.dll

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 3

Anti debug functions 6

Anti debug functions 1

Strings analysis - File found

Import functions

PE Exports 1 suspicious

Related files by ImpHash 4 660e4ba65070c42e55f04efddf5f7d78