Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll

First submission 2024-10-17 18:36:03

File details

File type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 95.5 KB (97792 bytes)
Compile time: 2024-09-19 07:53:04
MD5: 68ab6bcbb50fb8f895e92f8c00e350ff
SHA1: 127adb4b8367aa3f37aaf3ed72cfe79690170023
SHA256: e72717c3598893ddb4444f71747b3010171ed14737d63d043ecf9ec7844fd5a5
Sections: 6 (.text, .data, .rdata, .edata, .idata, .reloc)
Directories: 3 (import, export, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 25/77
VT report date: 2024-10-17 18:30:15
Malware Type: 1 (trojan)
Threat Type: 3 (marte, shellcode, hack)

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://169.1.16.29/Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll 169.1.16.29 2024-10-17 18:36:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x15d6c 89600 096093306cac324d16787c7781253ad87cfe6995 f6df0337b0570ee64a409933a3be70ca
.data 0x17000 0x640 2048 dc5f72bbd8cdbdbc22344aae1149203baa5eda6f 9d21723eeec2ed5b6d94ac44b40f581b
.rdata 0x18000 0x3c0 1024 aa3d6dd21d2526e3bb159e6a6b0d2735bcdd732d 98c0c0edee66b0868e6f717027c9a01e
.edata 0x19000 0x5b 512 35aa432e3e09c22eb7743e3b3e73d67838088638 4a4cb6add69092d4d9a1f8f770a04c83
.idata 0x1a000 0x14 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x1b000 0xb14 3072 44203188962275a70b8f190c2216de2de7528a4a c483f9d7f122796f1a6e065bc87ebbe7

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
demon.x86.dll

PE Exports 2 suspicious

Function Address
DllMain@12 0x63849a00
Start 0x63852d78