vcruntime140.dll

First submission: 2023-02-06 10:40:02
Last submission: 2024-05-20 08:30:02

File details

File type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
File size: 78.98 KB (80880 bytes)
Compile time: 2019-07-18 23:54:04
MD5: a37ee36b536409056a86f50e67777dd7
SHA1: 1cafa159292aa736fc595fc04e16325b27cd6750
SHA256: 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
Import Hash: 6a84b7445ccacd5d29ac27de2745f356
Sections: 5 (.text, .data, .idata, .rsrc, .reloc)
Directories: 6 (security, relocation, debug, resource, export, import)
VirusTotal: 0/69, VT report date: 2023-02-06 01:40:36

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL | Host (FQDN/IP) | Date Added
hXXp://147.45.47.150/9f244f7bc6ab2605/vcruntime140.dll | 147.45.47.150 | 2024-05-20 08:30:03
hXXp://185.172.128.170/8420e83ceb95f3af/vcruntime140.dll | 185.172.128.170 | 2024-05-18 22:58:04

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xdcf4 56832 ce007357c33fa7e0901a68b854d8d2a98cc9565a 4da508a792f17eb70fc527f196e17b1c
.data 0xf000 0x5f4 512 8f20f51d3120a29f73f5eac966c2c3d707e745a2 44f568c10e74e073142f81fd4e04d7e6
.idata 0x10000 0x584 1536 105faec2dc8fcd60857288724616c55d1b26093e 815d869d862ccfa9c90b3f4063cd90eb
.rsrc 0x11000 0x400 1024 93a777ce81ee313c7ede1bc87f674a4f5c92f341 ec015dc17ff07dd72f25a48791ffde15
.reloc 0x12000 0xa10 3072 35afbc8e084e566a5b966b515fe5cd58e837b1c0 8d6967b67a7b3932ec34879053146032

Packers detected 1

Borland Delphi 3.0 (???)

File signature

MD5 SHA1 Block size Virtual Address
a776ba51117476a3fc4871001bd080db 8e5cca4cdd8ea567896a915700e8831521e0205c 16880 64000

Strings analysis - File found

Library
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
vcruntime140.dll

Strings analysis - Possible URLs found 15


PE Exports 81 suspicious

Function Address
wcsstr 0x10004170
wcsrchr 0x100040c0
wcschr 0x10003ff0
unexpected 0x10007760
strstr 0x100036b0
strrchr 0x10003570
strchr 0x10003440
set_unexpected 0x10007740
memset 0x100032e0
memmove 0x10002d60
memcpy 0x100027e0
memcmp 0x10004a90
memchr 0x10002730
longjmp 0x10003fd0
_setjmp3 0x10003da0
_set_se_translator 0x10007780
_set_purecall_handler 0x10007da0
_seh_longjmp_unwind4 0x10003c08
_seh_longjmp_unwind 0x10003b04
_purecall 0x10007d80
_longjmpex 0x10003e20
_local_unwind4 0x10003b30
_local_unwind2 0x10003e96
_is_exception_typeof 0x10005c40
_global_unwind2 0x10003e30
_get_unexpected 0x10007720
_get_purecall_handler 0x10007d60
_except_handler4_common 0x10004480
_except_handler3 0x100039f8
_except_handler2 0x10003928
_chkesp 0x100045e0
__vcrt_LoadLibraryExW 0x10007d40
__vcrt_InitializeCriticalSectionEx 0x10007c60
__vcrt_GetModuleHandleW 0x10007d30
__vcrt_GetModuleFileNameW 0x10007d10
__uncaught_exceptions 0x10007710
__uncaught_exception 0x100076f0
__unDNameEx 0x1000d410
__unDName 0x1000d3e0
__telemetry_main_return_trigger 0x10003f70
__telemetry_main_invoke_trigger 0x10003f70
__std_type_info_name 0x100075b0
__std_type_info_hash 0x10007580
__std_type_info_destroy_list 0x10007550
__std_type_info_compare 0x10007510
__std_terminate 0x10005c30
__std_exception_destroy 0x100074d0
__std_exception_copy 0x10007460
__report_gsfailure 0x1000df80
__processing_throw 0x10005c20
__intrinsic_setjmp 0x10003d60
__current_exception_context 0x10005c10
__current_exception 0x10005c00
__TypeMatch 0x10006a80
__RTtypeid 0x100073d0
__RTDynamicCast 0x100072d0
__RTCastToVoid 0x10007250
__GetPlatformExceptionInfo 0x10005bb0
__FrameUnwindFilter 0x10005b60
__DestructExceptionObject 0x10005a40
__CxxUnregisterExceptionObject 0x10006ce0
__CxxRegisterExceptionObject 0x10006c30
__CxxQueryExceptionSize 0x10006c20
__CxxLongjmpUnwind 0x1000d8f0
__CxxFrameHandler3 0x1000d8b0
__CxxFrameHandler2 0x1000d8b0
__CxxFrameHandler 0x1000d8b0
__CxxExceptionFilter 0x10006ae0
__CxxDetectRethrow 0x10006a90
__BuildCatchObjectHelper 0x10006a70
__BuildCatchObject 0x10006a60
__AdjustPointer 0x10005b30
_SetWinRTOutOfMemoryExceptionCallback 0x10005b20
_NLG_Return2 0x10003f6d
_NLG_Return 0x10002707
_NLG_Dispatch2 0x10003f63
_IsExceptionObjectToBeDestroyed 0x10005af0
_FindAndUnlinkFrame 0x1000d7d0
_EH_prolog 0x1000df30
_CxxThrowException 0x10007680
_CreateFrameInfo 0x1000d7a0