update.dll

First submission 2024-09-03 08:50:28

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 41200.0 KB (42188800 bytes)
Compile time: 2023-12-31 17:19:30
MD5: 9e99b58d3b73c5f443ddd33323b13dfa
SHA1: b81c81a0896b07caafd1032c1f420c4087814af5
SHA256: 6b32bc7a49fbd0cb1c0e08bd8d2b999257b350744383acee90d54b707c799eca
Import Hash: 540867080ce64174de3841036acba743
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 6 (import, export, resource, debug, tls, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL                                      Host (FQDN/IP)    Date Added
hXXp://193.149.176.152:9999/update.dll   193.149.176.152   2024-09-03 08:50:28

PE Sections 1 suspicious

Name     VAddress    VSize       Size       SHA1                                       MD5                                Suspicious
.text    0x1000      0x20ff9c    2162688    5bdd3643bc34f9db0d2c534633b96f9d9b833510   92cf663fb8c6b6c73ad7aa8962b2cee1
.rdata   0x211000    0x397352    3765248    ee293daca0d5ed8f06710551a23be39b94f9ac15   28716c4825c83928294cafa778fb29c5
.data    0x5a9000    0x7110      15360      6d1f26b67bef981439a7e636cf89618531db0381   19334c210e126a81bca6a8ce34c7bb9f
.rsrc    0x5b1000    0x2279c98   36150784   57d894508ecb51add9afccf7ccd95ba0a0d5579c   ad38b501679e827745f32e5f633d01ef
.reloc   0x282b000   0x16cc8     93696      00928e83c8c72f29829827be818cd62a10b30b81   22228ddf9ac0709fdb5fc5ec4dd89afd

PE Resources 1

Name   Language       Sublanguage          Offset     Size       Data
BMP    LANG_ENGLISH   SUBLANG_ENGLISH_US   0x5b1060   36150326