useraccount.aspx

First submission 2024-09-28 05:33:03 Last submission 2024-09-28 10:51:02

File details

File type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 840.0 KB (860160 bytes)
Compile time: 2024-08-15 10:25:25
MD5: 9b73c82d8f0e6cae3bce7b2fc98b3383
SHA1: 24dd9872261cfb6931b2b400fffc9b9bdd4d5455
SHA256: 795778587d86ee3aa3d2f628e8d3994b8735c5528413b4298afac8b6a683aefb
Import Hash: ef2ca5265ff67c2cbad59c3dd4c595fe
Sections 4 .text .rdata .data .reloc
Directories 4 import export debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 49/77 VT report date: 2024-09-19 18:37:04
Malware Type 3 trojan downloader dropper
Threat Type 3 matanbuchus wiclm yxeidz

URLs, FQDN and IP indicators 4

URL Host (FQDN/IP) Date Added
hXXp://banydox.com/useraccount.aspx banydox.com 2024-09-28 10:51:04
hXXp://seburage.com:54801/useraccount.aspx seburage.com 2024-09-28 10:33:05
hXXp://193.109.85.43:54801/useraccount.aspx 193.109.85.43 2024-09-28 09:44:04
hXXps://seburage.com/useraccount.aspx seburage.com 2024-09-28 05:33:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x99d5f 630272 914683be53c388243a4f2fb4f0c0f42512cf31ea c3adb16124e6ca1c4ab2392c2e60ecd1
.rdata 0x9b000 0x27644 161792 ec21797e9aefc4b7cc36570db05dbc80c450f89d febe043e30d43c54fdb54209a30f808a
.data 0xc3000 0x3f237c 3072 4c219708135f0883b4f5fb871d45238bf14237f6 54bcc695e7c4e9f654964f5aa508f143
.reloc 0x4b6000 0xf9bc 64000 3172f5703321559f66902d3fff85ed53f9fb2219 885aa6d4967bd5adb044f23c0d725496

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM functions 1

VMCheck.dll

Strings analysis - File found

Object
%s.ocx
Library
mscoree.dll
ADVAPI32.dll
SHLWAPI.dll
libcurl.dll
SHELL32.dll
USER32.dll
KERNEL32.dll

Import functions

PE Exports 8 suspicious

Function Address
DllInstall 0x10053490
DllUpdate 0x1008e820
InitDLL 0x1005bb40
ThreadFunction 0x1005bba0
curl_easy_cleanup 0x10062f20
curl_easy_init 0x10063ce0
curl_easy_perform 0x10065a20
curl_easy_setopt 0x100669e0