cred64.dll
First submission 2024-10-16 20:49:04
File details
File type: | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 1255.0 KB (1285120 bytes) |
Compile time: | 2024-08-15 09:45:11 |
MD5: | 86d2400fe6cf41987dc3d7431cbc1279 |
SHA1: | 6a1af13d077f9632535c5d8ec5294e2c2a34cb71 |
SHA256: | 9da058418bf15b7a1611c7009c7b5fb43f549e0e3de0eeba84322ee5ede5b734 |
Import Hash : | 3eb70f83441fc8632e81bd6eb89f424d |
Sections 7 | .text .rdata .data .pdata _RDATA .rsrc .reloc |
Directories 5 | import export resource debug relocation |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 51/78 VT report date: 2024-09-23 04:27:53 |
Malware Type 2 | trojan spyware |
Threat Type 3 | zusy stealer convagent |
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0xfbaa8 | 1031168 | a840bffca3aa9d244ddad8b5a2cb1ee94224edf8 | 95b0ca45986997ca6e3d9d43ef686d83 | |
.rdata | 0xfd000 | 0x2ce02 | 184320 | b31c15b7b72a0b8dbdca09f7a67776f1b0e2970e | e3f6e8e5c5a7d6cba62cd22f7e70b4aa | |
.data | 0x12a000 | 0xbbac | 17408 | a78813eb452a3ea2733051f72437b458f0703625 | eab9f520f4edf8588a5524e594081081 | |
.pdata | 0x136000 | 0xad70 | 44544 | f7bf372e9d55055dfc74c6e34864c03a2e465225 | ac4b6f9dfef8e2d4f003bfdd9578f011 | |
_RDATA | 0x141000 | 0x94 | 512 | f614a0b55af015a86a724f9a265c569786aed260 | 830a5ca5b68ce0d267a64e5736f6792f | |
.rsrc | 0x142000 | 0xf8 | 512 | 6f2aee814106277dae3a8e6b3254dde0bfde7fc7 | 193fc41b7ab2ce83170d116dba1ce3ac | |
.reloc | 0x143000 | 0x15f4 | 5632 | 8f10d79e5d1eaa682e767e31680031046bad09d3 | 467aa201641c83407780105210404d90 |
PE Resources 1
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x142060 | 145 |
Anti debug functions 10
GetLastError |
IsDebuggerPresent |
IsProcessorFeaturePresent |
OutputDebugStringA |
OutputDebugStringW |
Process32FirstW |
Process32NextW |
RaiseException |
TerminateProcess |
UnhandledExceptionFilter |
Strings analysis - File found
XML |
FileZilla\sitemanager.xml |
Psi\profiles\default\accounts.xml |
\.purple\accounts.xml |
.purple\accounts.xml |
Library |
mscoree.dll |
KERNEL32.dll |
bcrypt.dll |
ADVAPI32.dll |
SHELL32.dll |
WININET.dll |
Crypt32.dll |
STEALERDLL.dll |
nss3.dll |
Strings analysis - Possible IPs found 1
3.8.7.4 |
Import functions
PE Exports 2 suspicious
Function | Address |
---|---|
Main | 0x1800c0c40 |
Save | 0x180005d80 |
Name | Latest seen | MD5 |
---|---|---|
cred64.dll | 2024-07-15 20:36:02 | b9bccd35addce48384491a98e1b89eb5 |
cred64.dll | 2024-07-29 00:14:02 | d4944b1c2a2636220b189ab9b8dbbc00 |
cred64.dll | 2024-08-28 07:05:02 | 4a4527a3ecf33ac8dc86e12681abf97b |
cred64.dll | 2024-10-16 20:45:03 | d936bcd060924a3ea77c08a9fe550990 |
cred64.dll | 2024-10-16 20:46:04 | 9bafe5c5cfe47a1ed2e15f2748986d92 |
cred64.dll | 2024-10-16 20:47:03 | 1b32cdb682dc2b89bab7263aa4f1f08b |
cred64.dll | 2024-10-16 20:48:02 | 304e7afdf32dbcbdce75b6366103abcb |