DigitalSide Threat Intel

VigorSinaUpdate.dll?ex=670c9392&is=670b4212&hm=34a01dbc68ac67677038eefba24593001752a7efc6faa020445474b71a5e778a&

First submission 2024-10-13 17:06:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 562.0 KB (575488 bytes)
Compile time: 2024-10-11 20:10:22
MD5: cdd0e707baa41cfc93c769dfc25361af
SHA1: 4514c4cf5b100671f7d0fb38ed39163c830bf394
SHA256: 3342efab0dc7070c624982a3576513bb8d1d4710c86da009e381505b4dcc81d2
Import Hash : 52b7415ab69ef079f75883c0cf056278
Sections 5 .text .rdata .data .pdata .reloc
Directories 3 import tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 8/77 VT report date: 2024-10-13 16:03:49
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1292284075834343475/1294687100691812352/VigorSinaUpdate.dll?ex=670c9392&is=670b4212&hm=34a01dbc68ac67677038eefba24593001752a7efc6faa020445474b71a5e778a& VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-13 17:06:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x32f08 208896 cb3fe2329b62e448074480a8ad774484a1b5aae7 94ffc4c67396ab3b8b1434957f7930fc
.rdata 0x34000 0x537d6 342016 109ca089fc9ebfe756519e9a8a57e2df8de6fd0d 001d14d42c50f2255323fd9cbfc39d95
.data 0x88000 0x49d0 12800 5e96e2fc8a88de5b18706aeb3ab3eec8efc8dd6f e745a2ad01b6fed5b47ff7cb5e375d79
.pdata 0x8d000 0x2130 8704 6e0525375831eaf3c1c003f849536c6311ca6599 f8425c92e35aa1b6a22109223c4d8b55
.reloc 0x90000 0x6d8 2048 67be84f5bc315cfe03b312afea9d2c2815512033 8d24fbc1496d0b715f2b30e3dedc4c59

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
ntdll.dll
USER32.dll
KERNEL32.dll

Import functions

Function Address Souspicious Anti Debug
NtClose 0x180034268
NtAllocateVirtualMemory 0x180034270
NtSuspendThread 0x180034278
NtProtectVirtualMemory 0x180034280
NtQueryVirtualMemory 0x180034288
NtFlushInstructionCache 0x180034290
NtGetContextThread 0x180034298
NtOpenThread 0x1800342a0
NtFreeVirtualMemory 0x1800342a8
NtSetContextThread 0x1800342b0
NtResumeThread 0x1800342b8
RtlCaptureContext 0x1800342c0
RtlVirtualUnwind 0x1800342c8
RtlLookupFunctionEntry 0x1800342d0
NtQuerySystemInformation 0x1800342d8
Function Address Souspicious Anti Debug
GetModuleHandleA 0x180034000
WriteConsoleW 0x180034008
CreateFileW 0x180034010
CloseHandle 0x180034018
GetConsoleMode 0x180034020
GetConsoleOutputCP 0x180034028
WriteFile 0x180034030
FlushFileBuffers 0x180034038
HeapReAlloc 0x180034040
HeapSize 0x180034048
SetStdHandle 0x180034050
SetFilePointerEx 0x180034058
GetStringTypeW 0x180034060
GetProcessHeap 0x180034068
LCMapStringW 0x180034070
FlsFree 0x180034078
QueryPerformanceCounter 0x180034080
GetCurrentProcessId 0x180034088
GetCurrentThreadId 0x180034090
GetSystemTimeAsFileTime 0x180034098
InitializeSListHead 0x1800340a0
IsDebuggerPresent 0x1800340a8
UnhandledExceptionFilter 0x1800340b0
SetUnhandledExceptionFilter 0x1800340b8
GetStartupInfoW 0x1800340c0
IsProcessorFeaturePresent 0x1800340c8
GetModuleHandleW 0x1800340d0
GetCurrentProcess 0x1800340d8
TerminateProcess 0x1800340e0
RtlPcToFileHeader 0x1800340e8
RaiseException 0x1800340f0
RtlUnwindEx 0x1800340f8
InterlockedFlushSList 0x180034100
GetLastError 0x180034108
SetLastError 0x180034110
EncodePointer 0x180034118
EnterCriticalSection 0x180034120
LeaveCriticalSection 0x180034128
DeleteCriticalSection 0x180034130
InitializeCriticalSectionAndSpinCount 0x180034138
TlsAlloc 0x180034140
TlsGetValue 0x180034148
TlsSetValue 0x180034150
TlsFree 0x180034158
FreeLibrary 0x180034160
GetProcAddress 0x180034168
LoadLibraryExW 0x180034170
ExitProcess 0x180034178
GetModuleHandleExW 0x180034180
GetModuleFileNameW 0x180034188
HeapAlloc 0x180034190
MultiByteToWideChar 0x180034198
HeapFree 0x1800341a0
GetStdHandle 0x1800341a8
GetFileType 0x1800341b0
FindClose 0x1800341b8
FindFirstFileExW 0x1800341c0
FindNextFileW 0x1800341c8
IsValidCodePage 0x1800341d0
GetACP 0x1800341d8
GetOEMCP 0x1800341e0
GetCPInfo 0x1800341e8
GetCommandLineA 0x1800341f0
GetCommandLineW 0x1800341f8
WideCharToMultiByte 0x180034200
GetEnvironmentStringsW 0x180034208
FreeEnvironmentStringsW 0x180034210
FlsAlloc 0x180034218
FlsGetValue 0x180034220
FlsSetValue 0x180034228
Function Address Souspicious Anti Debug
GetAsyncKeyState 0x180034238
MapVirtualKeyA 0x180034240
GetSystemMetrics 0x180034248
GetCursorPos 0x180034250
GetKeyNameTextA 0x180034258