rcdll.dll

First submission 2024-10-14 16:16:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 12.0 KB (12288 bytes)
Compile time: 2024-07-25 18:02:37
MD5: bbdb2d184c56d60f2aba4250ffde247c
SHA1: 04cab75908074db38e0334175c14211655289e84
SHA256: 045b24fff0acdc7cec4fdf4f03e83b23741f774dfe44102e1836a4c824abcf70
Import Hash: 8417a982c865b749aebe01b789c5e6c7
Sections: 6 (.text, .rdata, .data, .pdata, .rsrc, .reloc)
Directories: 5 (import, export, resource, debug, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://206.238.196.40/ms/rcdll.dll 206.238.196.40 2024-10-14 16:16:02

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xf38 4096 6f7ecb0548d5b58976fe65dfcc5bd5467fad5a89 50cd75b6e55699bc15bc66c14c17b5ef
.rdata 0x2000 0xcc0 3584 a7a0539f9e704327c47301befd4ad52255953d2f 4eecef71403769497bae1a237351d0a5
.data 0x3000 0x680 512 7da78b4e2d365c3eaffcef83a783084b8f1e7bf6 13d9a87c0ad5537544e3d0978e1fc598
.pdata 0x4000 0x1ec 512 576b3539eaad63341e25dc4f2758b28a9956d609 7f14d9d15ce47e1fc6790d778a999d97
.rsrc 0x5000 0x69d 2048 b7d92a2016e05b85379b644a8aae6a5966382731 023b443a4939deaadb38628cc40af124
.reloc 0x6000 0x2c 512 84a3c954aaf9f4825b12f1f8b00e33b65f24ccf2 c03f892713df946fb2b011917e85ae4f

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x50e8 248
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x51e0 1068
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x560c 145

Meta infos 10

LegalCopyright: Copyright (C) 2015 Google Inc.
InternalName: libGLESv2
FileVersion: 2.1.17660 git hash: 9f1dc3e9933b
FileDescription: ANGLE libGLESv2 Dynamic Link Library
OriginalFilename: libGLESv2.dll
ProductVersion: 2.1.17660 git hash: 9f1dc3e9933b
PrivateBuild: 2.1.17660 git hash: 9f1dc3e9933b
Translation: 0x0409 0x04b0
Comments: Build Date: 2022-01-10 09:19:23 +0000
ProductName: ANGLE libGLESv2 Dynamic Link Library

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
libGLESv2.dll
USER32.dll
api-ms-win-crt-runtime-l1-1-0.dll
Dll4.dll
KERNEL32.dll
vcruntime140.dll

Import functions

PE Exports 2 suspicious

Function Address
Handler 0x1800010c0
RCW 0x180001000