SillyMenu.dll?ex=670c5b65&is=670b09e5&hm=792a613aead3306fb0ec11de519ffed4c877b127f74b7dee1c26e64c96e518ad&

First submission 2024-10-13 19:59:01

File details

File type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Mime type: application/x-dosexec
File size: 41.0 KB (41984 bytes)
Compile time: 2041-10-11 04:57:30
MD5: 5c87de108cbb7f7d04d47ad19a31744f
SHA1: d474cda4b2bd0f5a01ac175356e0101278beb955
SHA256: 9fd805edf5687ab1eec97b8004a9f1a4d5fcf31a3dab79602d4232a49387c79f
Import Hash: dae02f32a21e03ce65412f6e56942daa
Sections: 3 (.text, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 3/77
VT report date: 2024-10-13 19:23:28
Threat Type 1 msil

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1245502741833322541/1245523224578490468/SillyMenu.dll?ex=670c5b65&is=670b09e5&hm=792a613aead3306fb0ec11de519ffed4c877b127f74b7dee1c26e64c96e518ad& cdn.discordapp.com 2024-10-13 19:59:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x9a90 39936 d6d83e41113ebfc376da5dc1096fb27f7ffe840e 2bcd66e7100b55d81596ce68a04a57a2
.rsrc 0xc000 0x31c 1024 9d42a03f6bdb6861caa08beff7bd196953f29ba1 916ccfadd5dd12e0189ef8d1de7e3cf9
.reloc 0xe000 0xc 512 cb863e941d2f7193a977e2e731111a6ce2672429 7b0ef807a8f360b9982187b6fe2bd2b4

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0xc058 704

Meta infos 10

LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: SillyMenu.dll
FileVersion: 1.0.0.0
CompanyName: SillyMenu
OriginalFilename: SillyMenu.dll
Translation: 0x0000 0x04b0
FileDescription: SillyMenu
ProductVersion: 1.0.0
ProductName: SillyMenu

Packers detected 1

Microsoft Visual C# / Basic .NET

Strings analysis - File found

Library
SillyMenu.dll
mscoree.dll

Strings analysis - Possible URLs found 2

https://adlibsreal.github.io/8g8ZjzUgLEc.jpg
https://adlibsreal.github.io/FfYMUDwXkAAOj2j.jpg

Import functions
