DigitalSide Threat Intel

nOjRmu66yYy4.exe?ex=670d1854&is=670bc6d4&hm=b547ab60dd344d05dcf3261e1e0ef191ab18d1671a7912e48019f9801c03b1c6&

First submission 2024-10-13 18:26:02

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 1392.0 KB (1425408 bytes)
Compile time: 2023-03-11 15:46:52
MD5: 8b923746242130bc39f9566cf8ab60dc
SHA1: 430ef7824759dc2295eb6cc5591bf2558c71e350
SHA256: 021f53c2328113f02db282d7bde017efcf807b1021173e497c06711a15d7f98f
Import Hash : a98fcc30097a9893402b8be27c43a74b
Sections 7 .text .rdata .data .pdata _RDATA .rsrc .reloc
Directories 5 import resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 29/76 VT report date: 2024-10-13 17:03:32
Malware Type 1 trojan
Threat Type 3 gamehack filerepmalware misc

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1146180038979506257/1248262806869114880/nOjRmu66yYy4.exe?ex=670d1854&is=670bc6d4&hm=b547ab60dd344d05dcf3261e1e0ef191ab18d1671a7912e48019f9801c03b1c6& VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-13 18:26:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xaf4bc 718336 13220126e6a3fb74db21c36b0b26850529147304 74c729ffe067e412265cef5e227b941f
.rdata 0xb1000 0xa2220 664576 dc3ff3ffe332458682122e7b115280162d8a2003 9d57e79a55d59989ad76759c60a966aa
.data 0x154000 0x4204 7168 9434aa4d90349ea384e01e532170662802b64665 5ecefc752dc538d6b53e0188d9c9fa36
.pdata 0x159000 0x7080 29184 05a20b37e863974d497c1f223f55a82e4825d857 d4eab302e769e08c2f79b1e7684c7829
_RDATA 0x161000 0x15c 512 3fd54eb7ed92651af58d63f3df4dcdd5c5471309 92fa6a13e2a5108e0caa3aead0a96d6d
.rsrc 0x162000 0x288 1024 087e42634c196f85555967c5bdd71bd4062e41fc 6be9b05798cdc0744a882fd69ae48858
.reloc 0x163000 0xd14 3584 c739d83c11793749dfbe171547c63785ef8ba475 648dec168b05f1b45ea532ce07107dfa

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x162060 548

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 10

FindWindowA
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32First
Process32Next
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Text
imgui_log.txt
Library
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
KERNEL32.dll
d3dx9_43.dll
xinput1_4.dll
dwmapi.dll
xinput1_3.dll
D3DCompiler_43.dll
xinput1_2.dll
xinput9_1_0.dll
IMM32.dll
USER32.dll
xinput1_1.dll
d3d11.dll

Strings analysis - Possible URLs found 5

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
https://github.com/JulietaUla/Montserrat)MontserratBold7.200;ULA
https://github.com/JulietaUla/Montserrat)MontserratRegular7.200;ULA
http://www.zkysky.com.ar/This
http://schemas.microsoft.com/SMI/2005/WindowsSettings

Import functions

Function Address Souspicious Anti Debug
D3DCompile 0x1400b1000
Function Address Souspicious Anti Debug
HeapReAlloc 0x1400b1040
CreateProcessW 0x1400b1048
GetExitCodeProcess 0x1400b1050
WaitForSingleObject 0x1400b1058
ReadConsoleW 0x1400b1060
EnumSystemLocalesW 0x1400b1068
GetUserDefaultLCID 0x1400b1070
IsValidLocale 0x1400b1078
GetLocaleInfoW 0x1400b1080
LCMapStringW 0x1400b1088
CompareStringW 0x1400b1090
HeapAlloc 0x1400b1098
HeapFree 0x1400b10a0
GetConsoleMode 0x1400b10a8
GetConsoleOutputCP 0x1400b10b0
FlushFileBuffers 0x1400b10b8
GetFileType 0x1400b10c0
SetFilePointerEx 0x1400b10c8
GetFileSizeEx 0x1400b10d0
GetCommandLineW 0x1400b10d8
GetCommandLineA 0x1400b10e0
WriteFile 0x1400b10e8
GetStdHandle 0x1400b10f0
GetModuleFileNameW 0x1400b10f8
ExitProcess 0x1400b1100
ReadFile 0x1400b1108
GetModuleHandleExW 0x1400b1110
FreeLibraryAndExitThread 0x1400b1118
ExitThread 0x1400b1120
CreateThread 0x1400b1128
RtlUnwind 0x1400b1130
LoadLibraryExW 0x1400b1138
TlsFree 0x1400b1140
TlsSetValue 0x1400b1148
WriteProcessMemory 0x1400b1150
ReadProcessMemory 0x1400b1158
GetModuleFileNameA 0x1400b1160
SetConsoleTitleA 0x1400b1168
GetCurrentProcess 0x1400b1170
GetTickCount64 0x1400b1178
K32GetModuleBaseNameA 0x1400b1180
Process32First 0x1400b1188
Module32Next 0x1400b1190
Module32First 0x1400b1198
OpenProcess 0x1400b11a0
CreateToolhelp32Snapshot 0x1400b11a8
Process32Next 0x1400b11b0
CloseHandle 0x1400b11b8
VirtualProtectEx 0x1400b11c0
GetModuleHandleA 0x1400b11c8
MultiByteToWideChar 0x1400b11d0
GlobalAlloc 0x1400b11d8
GlobalFree 0x1400b11e0
GlobalLock 0x1400b11e8
WideCharToMultiByte 0x1400b11f0
GlobalUnlock 0x1400b11f8
LoadLibraryA 0x1400b1200
QueryPerformanceFrequency 0x1400b1208
GetProcAddress 0x1400b1210
FreeLibrary 0x1400b1218
QueryPerformanceCounter 0x1400b1220
GetCurrentDirectoryW 0x1400b1228
CreateDirectoryW 0x1400b1230
CreateFileW 0x1400b1238
FindClose 0x1400b1240
FindFirstFileW 0x1400b1248
FindFirstFileExW 0x1400b1250
FindNextFileW 0x1400b1258
GetFileAttributesExW 0x1400b1260
IsValidCodePage 0x1400b1268
AreFileApisANSI 0x1400b1270
GetLastError 0x1400b1278
GetModuleHandleW 0x1400b1280
MoveFileExW 0x1400b1288
GetFileInformationByHandleEx 0x1400b1290
LocalFree 0x1400b1298
FormatMessageA 0x1400b12a0
GetLocaleInfoEx 0x1400b12a8
WaitForSingleObjectEx 0x1400b12b0
Sleep 0x1400b12b8
GetCurrentThreadId 0x1400b12c0
FlsAlloc 0x1400b12c8
FlsGetValue 0x1400b12d0
FlsSetValue 0x1400b12d8
FlsFree 0x1400b12e0
SetEndOfFile 0x1400b12e8
InitializeCriticalSectionEx 0x1400b12f0
GetSystemTimeAsFileTime 0x1400b12f8
EnterCriticalSection 0x1400b1300
LeaveCriticalSection 0x1400b1308
DeleteCriticalSection 0x1400b1310
EncodePointer 0x1400b1318
DecodePointer 0x1400b1320
LCMapStringEx 0x1400b1328
GetStringTypeW 0x1400b1330
GetCPInfo 0x1400b1338
InitializeCriticalSectionAndSpinCount 0x1400b1340
SetEvent 0x1400b1348
ResetEvent 0x1400b1350
CreateEventW 0x1400b1358
RtlCaptureContext 0x1400b1360
RtlLookupFunctionEntry 0x1400b1368
RtlVirtualUnwind 0x1400b1370
UnhandledExceptionFilter 0x1400b1378
SetUnhandledExceptionFilter 0x1400b1380
TerminateProcess 0x1400b1388
IsProcessorFeaturePresent 0x1400b1390
IsDebuggerPresent 0x1400b1398
GetStartupInfoW 0x1400b13a0
GetCurrentProcessId 0x1400b13a8
InitializeSListHead 0x1400b13b0
TlsGetValue 0x1400b13b8
GetACP 0x1400b13c0
GetOEMCP 0x1400b13c8
GetEnvironmentStringsW 0x1400b13d0
FreeEnvironmentStringsW 0x1400b13d8
GetProcessHeap 0x1400b13e0
SetEnvironmentVariableW 0x1400b13e8
SetStdHandle 0x1400b13f0
HeapSize 0x1400b13f8
WriteConsoleW 0x1400b1400
RtlUnwindEx 0x1400b1408
RtlPcToFileHeader 0x1400b1410
RaiseException 0x1400b1418
SetLastError 0x1400b1420
TlsAlloc 0x1400b1428
Function Address Souspicious Anti Debug
D3D11CreateDeviceAndSwapChain 0x1400b1568
Function Address Souspicious Anti Debug
DwmExtendFrameIntoClientArea 0x1400b1588
Function Address Souspicious Anti Debug
D3DXMatrixTranspose 0x1400b1578
Function Address Souspicious Anti Debug
FindWindowA 0x1400b1438
GetKeyState 0x1400b1440
ScreenToClient 0x1400b1448
GetCapture 0x1400b1450
ClientToScreen 0x1400b1458
TrackMouseEvent 0x1400b1460
SetCapture 0x1400b1468
SetCursor 0x1400b1470
GetClientRect 0x1400b1478
ReleaseCapture 0x1400b1480
SetCursorPos 0x1400b1488
GetCursorPos 0x1400b1490
OpenClipboard 0x1400b1498
CloseClipboard 0x1400b14a0
EmptyClipboard 0x1400b14a8
GetClipboardData 0x1400b14b0
SetClipboardData 0x1400b14b8
DispatchMessageA 0x1400b14c0
LoadCursorA 0x1400b14c8
SetWindowPos 0x1400b14d0
ShowWindow 0x1400b14d8
GetAsyncKeyState 0x1400b14e0
SetWindowLongA 0x1400b14e8
GetForegroundWindow 0x1400b14f0
MoveWindow 0x1400b14f8
DefWindowProcA 0x1400b1500
CreateWindowExA 0x1400b1508
SetLayeredWindowAttributes 0x1400b1510
TranslateMessage 0x1400b1518
LoadIconA 0x1400b1520
PeekMessageA 0x1400b1528
UnregisterClassA 0x1400b1530
PostQuitMessage 0x1400b1538
RegisterClassExA 0x1400b1540
UpdateWindow 0x1400b1548
GetWindowThreadProcessId 0x1400b1550
GetWindowRect 0x1400b1558
Function Address Souspicious Anti Debug
ImmReleaseContext 0x1400b1010
ImmSetCompositionWindow 0x1400b1018
ImmSetCandidateWindow 0x1400b1020
ImmAssociateContextEx 0x1400b1028
ImmGetContext 0x1400b1030