vcruntime140.dll

First submission 2023-02-06 10:40:02 Last sumbission 2024-10-17 08:35:02

File details

File type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
File size:	78.98 KB (80880 bytes)
Compile time:	2019-07-18 23:54:04
MD5:	a37ee36b536409056a86f50e67777dd7
SHA1:	1cafa159292aa736fc595fc04e16325b27cd6750
SHA256:	8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
Import Hash :	6a84b7445ccacd5d29ac27de2745f356
Sections 5	.text .data .idata .rsrc .reloc
Directories 6	security relocation debug resource export import

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	0/69 VT report date: 2023-02-06 01:40:36

URLs, FQDN and IP indicators 11

URL	Host (FQDN/IP)	Date Added
hXXp://147.45.41.134/b65e93b2e3fe9102/vcruntime140.dll	147.45.41.134	2024-10-17 08:35:07
hXXp://147.45.47.86/12182f9d6e8b5491/vcruntime140.dll	147.45.47.86	2024-10-16 22:15:06
hXXp://185.216.71.126/0853a005e18f0946/vcruntime140.dll	185.216.71.126	2024-10-16 21:48:06
hXXp://91.214.78.178/094d58d3b8547ded/vcruntime140.dll	91.214.78.178	2024-10-16 21:21:07
hXXp://91.211.248.13/7e94ecaaae676f92/vcruntime140.dll	91.211.248.13	2024-10-16 08:45:06
hXXp://178.63.148.7/09f5d6b1c37d35fd/vcruntime140.dll	178.63.148.7	2024-10-15 09:19:03
hXXp://185.244.219.195/ac45f2162b48380d/vcruntime140.dll	185.244.219.195	2024-10-15 09:05:04
hXXp://178.159.43.166/0028a0f3432ee7b2/vcruntime140.dll	178.159.43.166	2024-10-13 20:25:04
hXXp://95.217.125.57/557b2ce3c387a13c/vcruntime140.dll	95.217.125.57	2024-10-13 17:00:06
hXXp://178.63.215.77/a43eb2d9880da9a6/vcruntime140.dll	178.63.215.77	2024-10-12 18:37:04
hXXp://45.91.200.43/b112953a9d0b6fc2/vcruntime140.dll	45.91.200.43	2024-10-12 02:09:04

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xdcf4	56832	ce007357c33fa7e0901a68b854d8d2a98cc9565a	4da508a792f17eb70fc527f196e17b1c
.data	0xf000	0x5f4	512	8f20f51d3120a29f73f5eac966c2c3d707e745a2	44f568c10e74e073142f81fd4e04d7e6
.idata	0x10000	0x584	1536	105faec2dc8fcd60857288724616c55d1b26093e	815d869d862ccfa9c90b3f4063cd90eb
.rsrc	0x11000	0x400	1024	93a777ce81ee313c7ede1bc87f674a4f5c92f341	ec015dc17ff07dd72f25a48791ffde15
.reloc	0x12000	0xa10	3072	35afbc8e084e566a5b966b515fe5cd58e837b1c0	8d6967b67a7b3932ec34879053146032

Packers detected 1

Borland Delphi 3.0 (???)

File signature

MD5	SHA1	Block size	Virtual Address
a776ba51117476a3fc4871001bd080db	8e5cca4cdd8ea567896a915700e8831521e0205c	16880	64000

Strings analysis - File found

Library
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
vcruntime140.dll

Strings analysis - Possible URLs found 15

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
http://www.microsoft.com0
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
http://www.microsoft.com/PKI/docs/CPS/default.htm0@
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
http://www.microsoft.com/pkiops/docs/primarycps.htm0@
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

PE Exports 81 suspicious

Function	Address
wcsstr	0x10004170
wcsrchr	0x100040c0
wcschr	0x10003ff0
unexpected	0x10007760
strstr	0x100036b0
strrchr	0x10003570
strchr	0x10003440
set_unexpected	0x10007740
memset	0x100032e0
memmove	0x10002d60
memcpy	0x100027e0
memcmp	0x10004a90
memchr	0x10002730
longjmp	0x10003fd0
_setjmp3	0x10003da0
_set_se_translator	0x10007780
_set_purecall_handler	0x10007da0
_seh_longjmp_unwind4	0x10003c08
_seh_longjmp_unwind	0x10003b04
_purecall	0x10007d80
_longjmpex	0x10003e20
_local_unwind4	0x10003b30
_local_unwind2	0x10003e96
_is_exception_typeof	0x10005c40
_global_unwind2	0x10003e30
_get_unexpected	0x10007720
_get_purecall_handler	0x10007d60
_except_handler4_common	0x10004480
_except_handler3	0x100039f8
_except_handler2	0x10003928
_chkesp	0x100045e0
__vcrt_LoadLibraryExW	0x10007d40
__vcrt_InitializeCriticalSectionEx	0x10007c60
__vcrt_GetModuleHandleW	0x10007d30
__vcrt_GetModuleFileNameW	0x10007d10
__uncaught_exceptions	0x10007710
__uncaught_exception	0x100076f0
__unDNameEx	0x1000d410
__unDName	0x1000d3e0
__telemetry_main_return_trigger	0x10003f70
__telemetry_main_invoke_trigger	0x10003f70
__std_type_info_name	0x100075b0
__std_type_info_hash	0x10007580
__std_type_info_destroy_list	0x10007550
__std_type_info_compare	0x10007510
__std_terminate	0x10005c30
__std_exception_destroy	0x100074d0
__std_exception_copy	0x10007460
__report_gsfailure	0x1000df80
__processing_throw	0x10005c20
__intrinsic_setjmp	0x10003d60
__current_exception_context	0x10005c10
__current_exception	0x10005c00
__TypeMatch	0x10006a80
__RTtypeid	0x100073d0
__RTDynamicCast	0x100072d0
__RTCastToVoid	0x10007250
__GetPlatformExceptionInfo	0x10005bb0
__FrameUnwindFilter	0x10005b60
__DestructExceptionObject	0x10005a40
__CxxUnregisterExceptionObject	0x10006ce0
__CxxRegisterExceptionObject	0x10006c30
__CxxQueryExceptionSize	0x10006c20
__CxxLongjmpUnwind	0x1000d8f0
__CxxFrameHandler3	0x1000d8b0
__CxxFrameHandler2	0x1000d8b0
__CxxFrameHandler	0x1000d8b0
__CxxExceptionFilter	0x10006ae0
__CxxDetectRethrow	0x10006a90
__BuildCatchObjectHelper	0x10006a70
__BuildCatchObject	0x10006a60
__AdjustPointer	0x10005b30
_SetWinRTOutOfMemoryExceptionCallback	0x10005b20
_NLG_Return2	0x10003f6d
_NLG_Return	0x10002707
_NLG_Dispatch2	0x10003f63
_IsExceptionObjectToBeDestroyed	0x10005af0
_FindAndUnlinkFrame	0x1000d7d0
_EH_prolog	0x1000df30
_CxxThrowException	0x10007680
_CreateFrameInfo	0x1000d7a0