jyi6mm2w2g.dll

First submission 2023-09-14 10:54:03

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1093.0 KB (1119232 bytes)
Compile time:	2023-09-11 18:15:51
MD5:	7d2156efddf126dfb4c466da06f15e11
SHA1:	cf90131f73f72b7f32bccca438283a04a1001dbe
SHA256:	452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b
Import Hash :	660e4ba65070c42e55f04efddf5f7d78
Sections 7	.text .rdata .data .pdata .gfids .rsrc .reloc
Directories 4	import export resource relocation
Virus Total:	15/70 VT report date: 2023-09-14 08:48:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://23.88.100.71/jyi6mm2w2g.dll	23.88.100.71	2023-09-14 10:54:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xe83d	59904	f0478e72303212d9ff227c9de4ccfa312838ece9	5ca0c94e51412e1c03389811bd4f490a
.rdata	0x10000	0x419d6	268800	fa16cebc7ef5be1354fff1899eeb76fad92b65ed	3c5b30c91148eb43a6ca921fa0ddeaaf
.data	0x52000	0xbfbb8	780800	e303867394969b5202c11762bbf2b9e471f360e2	ff53217541840dd98296d8cffe1ad986
.pdata	0x112000	0xe4c	4096	bf32d986708b801efcad62e3bd1c3f84467da771	bd8d2698e17d03d37ac8278219176162
.gfids	0x113000	0x94	512	18863189ddb3e9bbb7b2939ec00e4fb9b6ee4cb9	1947c73fe158e983612ea38eb99b3cba
.rsrc	0x114000	0x728	2048	0c55dd4c0998fed3b6019e177e9106fb279b7af0	cbc8a329d23b29cf1007bd2a03f54f84
.reloc	0x115000	0x61c	2048	0900611d72b0ab38fdae3bfe15a84a52b7412d65	5c59096811af801a95e7e38e9e770580

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114320	646	PE Resource: RT_STRING - Data %d 641! Moscow Detached.Harderflint Popular Listened? mental CompelledAlec compare Echo+ dip- %d Tales) Proceedingsickly_arrested_ Beehive burn Fuel9%d identical_ Cost? Puddle Despair Servant@ %d$ machineryknocked 439, Careers 599. Madame 419 492 515@213, Newspapers climate@ Spur%d %s\ 207$ 871( blond acorn
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x1145a8	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>
None	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114120	196

Name

Language

Sublanguage

Offset

Size

Data

RT_STRING

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114320

646

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x1145a8

381

None

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114120

196

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
mscoree.dll
utpcxre663tc32.dll
KERNEL32.dll

Import functions

KERNEL32.dll 79

Function	Address	Souspicious	Anti Debug
EnterCriticalSection	0x180010000
LeaveCriticalSection	0x180010008
InitializeCriticalSection	0x180010010
CloseHandle	0x180010018
GetLastError	0x180010020
GetCurrentActCtx	0x180010028
HeapCreate	0x180010030
TryEnterCriticalSection	0x180010038
CreateThread	0x180010040
OpenThread	0x180010048
FindFirstFileA	0x180010050
FindNextFileA	0x180010058
FindClose	0x180010060
WaitForSingleObject	0x180010068
GetStdHandle	0x180010070
WaitForMultipleObjects	0x180010078
GetCurrentThread	0x180010080
CreateFileMappingA	0x180010088
VirtualAlloc	0x180010090
DuplicateHandle	0x180010098
QueryPerformanceCounter	0x1800100a0
GetCurrentProcessId	0x1800100a8
GetCurrentThreadId	0x1800100b0
GetSystemTimeAsFileTime	0x1800100b8
InitializeSListHead	0x1800100c0
RtlCaptureContext	0x1800100c8
RtlLookupFunctionEntry	0x1800100d0
RtlVirtualUnwind	0x1800100d8
IsDebuggerPresent	0x1800100e0
UnhandledExceptionFilter	0x1800100e8
SetUnhandledExceptionFilter	0x1800100f0
GetStartupInfoW	0x1800100f8
IsProcessorFeaturePresent	0x180010100
GetModuleHandleW	0x180010108
RtlUnwindEx	0x180010110
InterlockedFlushSList	0x180010118
SetLastError	0x180010120
DeleteCriticalSection	0x180010128
InitializeCriticalSectionAndSpinCount	0x180010130
TlsAlloc	0x180010138
TlsGetValue	0x180010140
TlsSetValue	0x180010148
TlsFree	0x180010150
FreeLibrary	0x180010158
GetProcAddress	0x180010160
LoadLibraryExW	0x180010168
GetCurrentProcess	0x180010170
ExitProcess	0x180010178
TerminateProcess	0x180010180
GetModuleHandleExW	0x180010188
GetModuleFileNameA	0x180010190
MultiByteToWideChar	0x180010198
WideCharToMultiByte	0x1800101a0
HeapFree	0x1800101a8
HeapAlloc	0x1800101b0
LCMapStringW	0x1800101b8
FindFirstFileExA	0x1800101c0
IsValidCodePage	0x1800101c8
GetACP	0x1800101d0
GetOEMCP	0x1800101d8
GetCPInfo	0x1800101e0
GetCommandLineA	0x1800101e8
GetCommandLineW	0x1800101f0
GetEnvironmentStringsW	0x1800101f8
FreeEnvironmentStringsW	0x180010200
GetProcessHeap	0x180010208
GetFileType	0x180010210
GetStringTypeW	0x180010218
HeapReAlloc	0x180010220
HeapSize	0x180010228
SetStdHandle	0x180010230
RaiseException	0x180010238
WriteFile	0x180010240
FlushFileBuffers	0x180010248
GetConsoleCP	0x180010250
GetConsoleMode	0x180010258
SetFilePointerEx	0x180010260
WriteConsoleW	0x180010268
CreateFileW	0x180010270

PE Exports 1 suspicious

Function	Address
DllRegisterServer	0x18000f22c

Name	Latest seen	MD5
oyylqpp3ia.dll	2023-09-14 10:52:03	45f4c6ea59bc7a8c2d20098698104940
6sev8udq1h.dll	2023-09-14 10:55:02	3a96a42f6d6334a36d2ea26abb0a2c95
i9ien8gksg.dll	2023-09-14 10:56:02	fcbb53724b1df93a5d1fc45bb55b9069
hk1c9y18em.dll	2023-09-14 10:57:03	a6ac1a8bb63362ed7515f2ca02fb52be

jyi6mm2w2g.dll

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 3

Anti debug functions 6

Anti debug functions 1

Strings analysis - File found

Import functions

PE Exports 1 suspicious

Related files by ImpHash 4 660e4ba65070c42e55f04efddf5f7d78