DigitalSide Threat Intel

Flex.dll?ex=670f643d&is=670e12bd&hm=5bf582024587d9ff5a4f1d3b879dc3a71af32abf218bc2d74f8b1b849f38a43b&

First submission 2024-10-15 20:31:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 483.5 KB (495104 bytes)
Compile time: 2024-04-12 23:17:46
MD5: a4b4be6d4b29266af8e66aca3836fa4a
SHA1: 75c326f0c72721dfb2af4aa9756ff8ecb1158002
SHA256: 4977ca8bb95e5104d62422242a975eb325288420379cf5b9e10d1e78645b3c5e
Import Hash : 8428cfcb4f57f8abe2f45132c19fd67d
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 5 import resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 30/76 VT report date: 2024-10-15 15:22:20
Malware Type 1 trojan
Threat Type 1 gamehack

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1295642004386091039/1295642102079688714/Flex.dll?ex=670f643d&is=670e12bd&hm=5bf582024587d9ff5a4f1d3b879dc3a71af32abf218bc2d74f8b1b849f38a43b& VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-15 20:31:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x609db 395776 bdd78ebb607d1c0e19b4b4f89d4afba5ae541ae4 bfd78e9637161a4739be81d5cdf00d2e
.rdata 0x62000 0x12af6 76800 fdb48fe7c0f3ae9cb91181327ecdcc8378530735 e0255e74a9268d8822ed04ca7ac8b756
.data 0x75000 0x13c0 2560 5edc427b59fb0e064809f74da8850d9d30644446 e218af0f3794d2488dc5580598e4cc48
.pdata 0x77000 0x42b4 17408 2b9a1ce6d894b3998b986574d9c2ecab6a393e0a aecf7f006ed7dca208b60791c1544ae3
.rsrc 0x7c000 0xf8 512 860dc11240532b464be020f0d55881adc4de0259 0deaaac3f0dc5653aa759e15c976e2c4
.reloc 0x7d000 0x2a8 1024 109efb55ff8ab5254f6cf95883e2b35fcfa7b544 09146ad7795e97ac8a0231b1340e6e08

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x7c060 145

Anti debug functions 8

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Text
imgui_log.txt
Library
xinput1_1.dll
KERNEL32.dll
Shcore.dll
api-ms-win-crt-heap-l1-1-0.dll
msvcp140.dll
xinput1_3.dll
xinput1_4.dll
ntdll.dll
api-ms-win-crt-stdio-l1-1-0.dll
WS2_32.dll
api-ms-win-crt-utility-l1-1-0.dll
xinput1_2.dll
dbghelp.dll
USER32.dll
jvm.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
xinput9_1_0.dll
OPENGL32.dll
IMM32.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
VCRUNTIME140_1.dll
api-ms-win-crt-math-l1-1-0.dll
GDI32.dll
KernelBase.dll

Import functions

Function Address Souspicious Anti Debug
ImageNtHeader 0x180062858
Function Address Souspicious Anti Debug
atof 0x180062670
Function Address Souspicious Anti Debug
_unlock_file 0x180062680
_lock_file 0x180062688
Function Address Souspicious Anti Debug
glOrtho 0x1800623b8
wglMakeCurrent 0x1800623c0
glDisable 0x1800623c8
wglDeleteContext 0x1800623d0
glGetIntegerv 0x1800623d8
glLoadIdentity 0x1800623e0
wglCreateContext 0x1800623e8
glMatrixMode 0x1800623f0
wglGetCurrentContext 0x1800623f8
glViewport 0x180062400
Function Address Souspicious Anti Debug
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z 0x180062220
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z 0x180062228
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180062230
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z 0x180062238
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z 0x180062240
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180062248
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z 0x180062250
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z 0x180062258
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ 0x180062260
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180062268
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z 0x180062270
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ 0x180062278
??7ios_base@std@@QEBA_NXZ 0x180062280
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z 0x180062288
??Bid@locale@std@@QEAA_KXZ 0x180062290
?always_noconv@codecvt_base@std@@QEBA_NXZ 0x180062298
?_Throw_Cpp_error@std@@YAXH@Z 0x1800622a0
?uncaught_exceptions@std@@YAHXZ 0x1800622a8
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 0x1800622b0
?_Xlength_error@std@@YAXPEBD@Z 0x1800622b8
_Cnd_do_broadcast_at_thread_exit 0x1800622c0
_Thrd_id 0x1800622c8
_Thrd_join 0x1800622d0
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ 0x1800622d8
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z 0x1800622e0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z 0x1800622e8
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z 0x1800622f0
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z 0x1800622f8
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ 0x180062300
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z 0x180062308
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z 0x180062310
?good@ios_base@std@@QEBA_NXZ 0x180062318
_Query_perf_frequency 0x180062320
_Mtx_destroy_in_situ 0x180062328
_Mtx_lock 0x180062330
_Mtx_init_in_situ 0x180062338
_Query_perf_counter 0x180062340
_Mtx_unlock 0x180062348
??1_Lockit@std@@QEAA@XZ 0x180062350
??0_Lockit@std@@QEAA@H@Z 0x180062358
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 0x180062360
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ 0x180062368
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A 0x180062370
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z 0x180062378
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z 0x180062380
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z 0x180062388
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ 0x180062390
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ 0x180062398
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ 0x1800623a0
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z 0x1800623a8
Function Address Souspicious Anti Debug
GetDeviceCaps 0x180062000
Function Address Souspicious Anti Debug
strncmp 0x180062828
strcmp 0x180062830
strncpy 0x180062838
Function Address Souspicious Anti Debug
JNI_GetCreatedJavaVMs 0x180062868
Function Address Souspicious Anti Debug
exit 0x180062710
_beginthreadex 0x180062718
terminate 0x180062720
_seh_filter_dll 0x180062728
_initterm_e 0x180062730
_initterm 0x180062738
_cexit 0x180062740
_crt_atexit 0x180062748
_execute_onexit_table 0x180062750
_register_onexit_function 0x180062758
_initialize_onexit_table 0x180062760
_initialize_narrow_environment 0x180062768
_configure_narrow_argv 0x180062770
_invalid_parameter_noinfo_noreturn 0x180062778
Function Address Souspicious Anti Debug
AcquireSRWLockExclusive 0x180062038
ReleaseSRWLockExclusive 0x180062040
GetCurrentThreadId 0x180062048
SuspendThread 0x180062050
ResumeThread 0x180062058
CreateToolhelp32Snapshot 0x180062060
GetLastError 0x180062068
HeapReAlloc 0x180062070
HeapAlloc 0x180062078
GetModuleHandleA 0x180062080
Sleep 0x180062088
DisableThreadLibraryCalls 0x180062090
CreateThread 0x180062098
GetProcAddress 0x1800620a0
MultiByteToWideChar 0x1800620a8
GlobalAlloc 0x1800620b0
GlobalFree 0x1800620b8
GlobalLock 0x1800620c0
WideCharToMultiByte 0x1800620c8
GlobalUnlock 0x1800620d0
LoadLibraryA 0x1800620d8
FreeLibrary 0x1800620e0
QueryPerformanceFrequency 0x1800620e8
VerSetConditionMask 0x1800620f0
QueryPerformanceCounter 0x1800620f8
WriteProcessMemory 0x180062100
HeapFree 0x180062108
K32GetModuleFileNameExA 0x180062110
CloseHandle 0x180062118
K32GetModuleBaseNameA 0x180062120
K32GetModuleInformation 0x180062128
ReadProcessMemory 0x180062130
GetCurrentProcess 0x180062138
GetThreadContext 0x180062140
GetCurrentProcessId 0x180062148
FlushInstructionCache 0x180062150
SetThreadContext 0x180062158
OpenThread 0x180062160
VirtualFree 0x180062168
VirtualAlloc 0x180062170
GetSystemInfo 0x180062178
VirtualQuery 0x180062180
WakeAllConditionVariable 0x180062188
SleepConditionVariableSRW 0x180062190
RtlCaptureContext 0x180062198
RtlLookupFunctionEntry 0x1800621a0
RtlVirtualUnwind 0x1800621a8
UnhandledExceptionFilter 0x1800621b0
SetUnhandledExceptionFilter 0x1800621b8
TerminateProcess 0x1800621c0
IsProcessorFeaturePresent 0x1800621c8
IsDebuggerPresent 0x1800621d0
GetSystemTimeAsFileTime 0x1800621d8
InitializeSListHead 0x1800621e0
HeapCreate 0x1800621e8
OpenProcess 0x1800621f0
VirtualProtect 0x1800621f8
Thread32Next 0x180062200
K32EnumProcessModulesEx 0x180062208
Thread32First 0x180062210
Function Address Souspicious Anti Debug
cosf 0x1800626b8
sin 0x1800626c0
sqrtf 0x1800626c8
acosf 0x1800626d0
fmodf 0x1800626d8
atan2 0x1800626e0
cos 0x1800626e8
sinf 0x1800626f0
sqrt 0x1800626f8
ceilf 0x180062700
Function Address Souspicious Anti Debug
__CxxFrameHandler4 0x180062638
Function Address Souspicious Anti Debug
qsort 0x180062848
Function Address Souspicious Anti Debug
memchr 0x1800625c0
__std_exception_destroy 0x1800625c8
memcmp 0x1800625d0
memcpy 0x1800625d8
__std_exception_copy 0x1800625e0
memmove 0x1800625e8
__std_terminate 0x1800625f0
strstr 0x1800625f8
__current_exception 0x180062600
__current_exception_context 0x180062608
__C_specific_handler 0x180062610
_CxxThrowException 0x180062618
memset 0x180062620
__std_type_info_destroy_list 0x180062628
Function Address Souspicious Anti Debug
_fseeki64 0x180062788
fsetpos 0x180062790
ungetc 0x180062798
setvbuf 0x1800627a0
_get_stream_buffer_pointers 0x1800627a8
fgetc 0x1800627b0
fputc 0x1800627b8
__stdio_common_vfprintf 0x1800627c0
__stdio_common_vsscanf 0x1800627c8
fgetpos 0x1800627d0
__stdio_common_vsprintf 0x1800627d8
_wfopen 0x1800627e0
fwrite 0x1800627e8
ftell 0x1800627f0
fflush 0x1800627f8
fread 0x180062800
fseek 0x180062808
fclose 0x180062810
__acrt_iob_func 0x180062818
Function Address Souspicious Anti Debug
WSAStartup 0x180062648
closesocket 0x180062650
WSACleanup 0x180062658
socket 0x180062660
Function Address Souspicious Anti Debug
malloc 0x180062698
free 0x1800626a0
_callnewh 0x1800626a8
Function Address Souspicious Anti Debug
GetKeyState 0x180062410
GetMessageExtraInfo 0x180062418
LoadCursorA 0x180062420
DestroyWindow 0x180062428
GetDC 0x180062430
SetWindowPos 0x180062438
MonitorFromWindow 0x180062440
EnumDisplayMonitors 0x180062448
ScreenToClient 0x180062450
AdjustWindowRectEx 0x180062458
WindowFromPoint 0x180062460
ShowWindow 0x180062468
GetCapture 0x180062470
SetWindowLongA 0x180062478
ClientToScreen 0x180062480
IsChild 0x180062488
GetWindowLongW 0x180062490
TrackMouseEvent 0x180062498
GetMonitorInfoA 0x1800624a0
GetForegroundWindow 0x1800624a8
DefWindowProcA 0x1800624b0
CreateWindowExA 0x1800624b8
SendInput 0x1800624c0
FindWindowW 0x1800624c8
GetAsyncKeyState 0x1800624d0
GetSystemMetrics 0x1800624d8
FindWindowA 0x1800624e0
CallWindowProcA 0x1800624e8
SetWindowLongPtrW 0x1800624f0
GetWindowThreadProcessId 0x1800624f8
SetWindowTextW 0x180062500
SetClipboardData 0x180062508
GetClipboardData 0x180062510
EmptyClipboard 0x180062518
CloseClipboard 0x180062520
OpenClipboard 0x180062528
GetCursorPos 0x180062530
ReleaseDC 0x180062538
SetCursorPos 0x180062540
IsIconic 0x180062548
SetForegroundWindow 0x180062550
ReleaseCapture 0x180062558
RegisterClassExA 0x180062560
SetWindowLongPtrA 0x180062568
BringWindowToTop 0x180062570
IsWindowUnicode 0x180062578
UnregisterClassA 0x180062580
GetClientRect 0x180062588
SetWindowLongW 0x180062590
SetCursor 0x180062598
SetLayeredWindowAttributes 0x1800625a0
SetFocus 0x1800625a8
SetCapture 0x1800625b0
Function Address Souspicious Anti Debug
ImmSetCandidateWindow 0x180062010
ImmReleaseContext 0x180062018
ImmGetContext 0x180062020
ImmSetCompositionWindow 0x180062028