DigitalSide Threat Intel

recode.tan.dll?ex=670cda82&is=670b8902&hm=1619df5720aa3617f6de0de6322140f91b2876f4fc379c9595f90f1f0f9d433e&

First submission 2024-10-13 18:28:01 Last sumbission 2024-10-13 18:30:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 913.5 KB (935424 bytes)
Compile time: 2024-10-13 10:46:00
MD5: bdc7a771ca8ec9770cee726c30aa65a8
SHA1: 7b322d39c7f8cc3b6bd631f4a12686c652f6e7be
SHA256: aab3515a9b5b171824fe65a559de8596577a77299237f132ef0714c76b46628a
Sections 4 .text .data .pdata .reloc
Directories 2 debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 5/77 VT report date: 2024-10-13 17:09:26

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1242908028521549954/1294944463315140699/recode.tan.dll?ex=670cda82&is=670b8902&hm=1619df5720aa3617f6de0de6322140f91b2876f4fc379c9595f90f1f0f9d433e& VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-13 18:30:04
hXXps://cdn.discordapp.com/attachments/1242908028521549954/1294944334591823953/recode.tan.dll?ex=670cda64&is=670b88e4&hm=315d7ad3a9364eb41b384dd56ee8ebf687c268431e217989f742d3e403f3fcd1& VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-13 18:28:01

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xb90f1 758272 6b952bef49aeef7853ca8d792ae696d0deda027e e6448a0eb7955ae552a1a50afe6007d9
.data 0xbb000 0x2dd80 148480 02a215ad50199dfa9bcc0e2f6c6caa69ff39477d f91ac62e46505fdb1e45940939da544e
.pdata 0xe9000 0x67bc 26624 5ac504bda4097a1e86a7b82893e8cb4171881a7f 6ba9ffd12d1418586cee941dbc570967
.reloc 0xf0000 0x3c4 1024 a5b2e6f9d40e429c2624c8078fd8a4f14fc12dc9 d1e8931cfad15b18c5473af34e74c1bd

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)