CompPkgSup.dll?ex=670fa3ae&is=670e522e&hm=0b60d6d6ae09437ed31eeae63fe1cdcec8191ba2645f3ef726e372c63b4c2f96&
First submission 2024-10-13 19:45:02
Last sumbission 2024-10-15 19:53:02
File details
| File type: | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 5451.41 KB (5582248 bytes) |
| Compile time: | 2024-10-10 00:49:02 |
| MD5: | 5a64f8b68c232aa482411d1638011b6b |
| SHA1: | 5fb42bb34d255acef944d560606b7bc78b0b00fc |
| SHA256: | 2fb59f7698a1ec5f801292ec4c63dcdf256b96d0a199eb7acd014dd8f7c6dad0 |
| Import Hash : | e621a1a023607281564c146f7b3a29b6 |
| Sections 12 | .text��� .rdata�� .data��� .pdata�� .00cfg�� .fptable .retplne .tls���� _RDATA�� .vmp0��� .vmp1��� .reloc�� |
| Directories 4 | import tls relocation security |
File features detected
Is DLL
Packers
Anti Debug
URLs, FQDN and IP indicators 2
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/1295527483990343751/1295529030979686530/CompPkgSup.dll?ex=670fa3ae&is=670e522e&hm=0b60d6d6ae09437ed31eeae63fe1cdcec8191ba2645f3ef726e372c63b4c2f96&  |
cdn.discordapp.com |
2024-10-15 19:53:07 |
| hXXps://cdn.discordapp.com/attachments/1279305711012282378/1294114982010814565/CompPkgSup_.dll?ex=670c78ff&is=670b277f&hm=18a712e26d0b35c07a11382102c079bf667453ffb8b8771d8b509760118520be& |
cdn.discordapp.com |
2024-10-13 19:45:02 |
PE Sections 11 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x4555b | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rdata�� | 0x47000 | 0x12b44 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .data��� | 0x5a000 | 0x2c2ca4 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .pdata�� | 0x31d000 | 0x1b54 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .00cfg�� | 0x31f000 | 0x38 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .fptable | 0x320000 | 0x100 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .retplne | 0x321000 | 0xc8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .tls���� | 0x322000 | 0x9 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| _RDATA�� | 0x323000 | 0x1f4 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .vmp0��� | 0x324000 | 0x359f49 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .vmp1��� | 0x67e000 | 0x550b88 | 5573632 | 3b3a1ae796a3cf0d9a8764c170316573c5c16f11 | f096ebe083cfa10dd4056af3714dcf4a | |
| .reloc�� | 0xbcf000 | 0xc4 | 512 | 49d986aa6c5f272ed35d588ef71bc75593648985 | c3cec31b91b3d60a20e91d5333755f04 |
Anti debug functions 1
| Virtual Box |
File signature
| MD5 | SHA1 | Block size | Virtual Address |
|---|---|---|---|
| 64fed70c59d129255e83b0019e78df69 | 3e340ddb33dcfccfde07352ca46d99db3812c56a | 7080 | 5575168 |
Strings analysis - File found
| Library |
| KERNEL32.dll |
| USER32.dll |
| WTSAPI32.dll |
Strings analysis - Possible URLs found 12
| https://www.verisign.com/cps0 |
| http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 |
| https://d.symcb.com/cps0% |
| http://sf.symcb.com/sf.crt0 |
| http://ocsp.verisign.com0 |
| https://www.verisign.com/rpa |
| http://sf.symcb.com/sf.crl0f |
| http://crl.verisign.com/pca3-g5.crl04 |
| https://www.verisign.com/rpa0 |
| http://logo.verisign.com/vslogo.gif04 |
| http://sf.symcd.com0& |
| https://d.symcb.com/rpa0 |