VxV_Pad_2_V1.dll?ex=670c7072&is=670b1ef2&hm=160a359bb436a70dccae393a31c0c446fb42abb66b87d8d999d8f57f77995495&

First submission 2024-10-13 18:27:02

File details

File type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Mime type:	application/x-dosexec
File size:	4770.5 KB (4884992 bytes)
Compile time:	2041-05-28 02:40:31
MD5:	bd745fd12f4298c0faf6d3cb1058bb30
SHA1:	c0b140ff4199d43005b0bb464a48fd46e2e4f20e
SHA256:	5a738bc13f111911358ff5d0dabf9660897162c9d3493c0924129bac038eb793
Import Hash :	dae02f32a21e03ce65412f6e56942daa
Sections 3	.text .rsrc .reloc
Directories 3	import resource relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	8/77 VT report date: 2024-10-13 17:30:50
Malware Type 1	trojan
Threat Type 1	msil

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1170852733633441792/1294649385002729483/VxV_Pad_2_V1.dll?ex=670c7072&is=670b1ef2&hm=160a359bb436a70dccae393a31c0c446fb42abb66b87d8d999d8f57f77995495&	cdn.discordapp.com	2024-10-13 18:27:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x2000	0x4a8104	4882944	51350ae5df1a713459c51d1f49414684353b816c	03aca4f6b8f1764c9ed315ef4b4bb0d4
.rsrc	0x4ac000	0x340	1024	daea595aa48c801040b4491a5bef2c8cec8b5892	d1a77f5a5a8b7d1ffb44f908e9ec1704
.reloc	0x4ae000	0xc	512	975fe8d13eca5259434a4384381396d2423db2f2	099ad8b390b3d1ec5cd132725140a3c6

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x4ac058	744	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?DVarFileInfo$TranslationHStringFileInfo$000004b0: CompanyNameVxV Pad 2 V1B FileDescriptionVxV Pad 2 V10FileVersion1.0.0.0BInternalNameVxV Pad 2 V1.dll(LegalCopyright JOriginalFilenameVxV Pad 2 V1.dll: ProductNameVxV Pad 2 V10ProductVersion1.0.08Assembly Version1.0.0.0

Name

Language

Sublanguage

Offset

Size

Data

RT_VERSION

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x4ac058

744

Meta infos 10

LegalCopyright:
Assembly Version:	1.0.0.0
InternalName:	VxV Pad 2 V1.dll
FileVersion:	1.0.0.0
CompanyName:	VxV Pad 2 V1
OriginalFilename:	VxV Pad 2 V1.dll
Translation:	0x0000 0x04b0
FileDescription:	VxV Pad 2 V1
ProductVersion:	1.0.0
ProductName:	VxV Pad 2 V1

Packers detected 1

Microsoft Visual C# / Basic .NET

Strings analysis - File found

Library
VxV Pad 2 V1.dll
USER32.dll
mscoree.dll
ntdll.dll

Strings analysis - Possible URLs found 5

https://i.pinimg.com/736x/58/72/db/5872dbc337cee578532d0bd784924c94.jpg
https://static-00.iconduck.com/assets.00/person-icon-1901x2048-a9h70k71.png
https://cdn.pixabay.com/photo/2013/07/12/12/56/home-146585_640.png
https://www.krqe.com/wp-content/uploads/sites/12/2022/12/AdobeStock_81556974.jpeg?w=2560&h=1440&crop=1
https://dm0qx8t0i9gc9.cloudfront.net/thumbnails/image/rDtN98Qoishumwih/cemented-wall-seamless-texture_fyLTZ3Du_thumb.jpg

Import functions

mscoree.dll 1

Function	Address	Souspicious	Anti Debug
_CorDllMain	0x10002000

Name	Latest seen	MD5
LOADER.dll	2022-08-02 07:12:07	2f0b24e0a8943df9671cea03bac81f8a
IZvPLPlcOQdnewd.dll	2022-09-27 09:22:02	7b16311303f3a9caccdf5459d7a0088f
pranga.dll	2022-09-27 12:31:03	33913c9e68c1773ffda89c77e2f74128
RunPe.dll	2022-11-26 11:32:02	7e602e2396e174ca36fe8757bb2ae6ff
hey.pdf	2022-11-26 11:34:01	866df0cf03d6de3b061b3feabce079a2
cnngvvtg0kn?id=z2t0bj3q4l2	2023-01-30 17:59:02	90f8c6f505fa29dbcf443a9638145160
Newtonsoft.Json.dll	2023-04-15 10:39:02	081d9558bbb7adce142da153b2d5577a
System.Data.SQLite.dll	2023-04-15 10:40:02	55c797383dbbbfe93c0fe3215b99b8ec
BouncyCastle.Crypto.dll	2023-04-15 10:41:02	f0b3e112ce4807a28e2b5d66a840ed7f
DotNetZip.dll	2023-04-15 10:42:02	a999d7f3807564cc816c16f862a60bbe
xfcdu9.dll	2023-04-18 11:51:03	389fdf6b1ce4b4d656723252966a76cc
YeniLib.dll	2023-04-19 15:52:01	7e1c63c4896de6bb721865c1ef0d0f35
BeeShell.dll	2023-04-19 18:25:02	7d2a4517999ca9c212fc93566f177584
emptyfilename.tmp	2023-05-15 11:14:02	459d85937f975c9571d2cb390a16c117
dll	2024-07-15 18:27:01	2ecb51ab00c5f340380ecf849291dbcf
MAD.dll	2024-06-09 15:21:02	655d12178996fa2e84348d53575a2c21
DLLL.dll	2024-09-27 11:25:02	7d9c5df6d1a2f85004890dc0c3d287a3
ProlongedPortable.dll	2024-09-27 16:29:02	f67e91ea39ec8ae219cbd761d17329b7
Solar_Beta.dll?ex=670cd690&is=670b8510&hm=7de3e375051b0444b9c8262a86018ba78643ee94455cc22dc6d3f71ab514350f&	2024-10-13 18:31:02	6c923ac6e2a2058abf0774d80e75726a
SillyMenu.dll?ex=670c5b65&is=670b09e5&hm=792a613aead3306fb0ec11de519ffed4c877b127f74b7dee1c26e64c96e518ad&	2024-10-13 19:59:01	5c87de108cbb7f7d04d47ad19a31744f

VxV_Pad_2_V1.dll?ex=670c7072&is=670b1ef2&hm=160a359bb436a70dccae393a31c0c446fb42abb66b87d8d999d8f57f77995495&

File details

File features detected

OSINT Enrichments

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 1

Meta infos 10

Packers detected 1

Strings analysis - File found

Strings analysis - Possible URLs found 5

Import functions

Related files by ImpHash 20 dae02f32a21e03ce65412f6e56942daa