tu.dll

First submission 2022-08-04 15:12:03

File details

File type: PE32+ executable (DLL) (console) x86-64, for MS Windows
File size: 297.0 KB (304128 bytes)
Compile time: 2022-07-26 20:25:01
MD5: d38f6f01bb926df07d34de0649f608f6
SHA1: 8a3bd09ea156ede59f527af01412e66181b6d74c
SHA256: b59430d733e346aef69dc5992cee0f06d8dbfca7744d212159528c89d1008953
Sections: 5 (.text .rdata .data pht cdr)
Directories: 1 (export)
VirusTotal: 15/69 engines flagged it; VT report date 2022-08-04 13:16:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators: 1

URL: hXXps://metalanddesign.com/tu.dll (defanged)
Host (FQDN/IP): metalanddesign.com
Date added: 2022-08-04 15:12:04

PE Sections 1 suspicious

Name VAddress (RVA) VSize Raw size (bytes) SHA1 MD5
.text 0x1000 0xa321 41984 6d87965fcb4bdd2673fc5e97f52867ec73e2b817 0fcc1808858bab49c806e461b07c71c8
.rdata 0xc000 0x149 512 062f327a1e25e2dbbbb7848a849fa923b5d33ad5 48846de709cd330cda2e17cf40e4d011
.data 0xd000 0x22 512 ee8ce079c9e19cd1a428f7f263f4dbaba5cc8155 ead2c8e009381246ed4654c0ab379c1e
pht 0xe000 0x1df6a 122880 2ac7fa0e8cabc2a120527bcb23ab70b202f879e2 1724efd10237384b1ce5eafb2ca27ff5
cdr 0x2c000 0x216e7 137216 27624c74ab46e7dac78e1084a15c6aa83e3cfb42 547c40f9ea75a8e585496fb370555bd3

Packers detected: 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Both matches are compiler (MSVC run-time) signatures rather than packers; note that the MSVC toolchain does not emit sections named pht or cdr, so those two sections were added after compilation.

Strings analysis - File found

Library
KZlsVp.dll

Strings analysis - Possible URLs found 187

https://xakep.ru/wp-content/themes/woohoo/js/matchMedia.addListener.js
https://xakep.ru/tag/uyazvimosti/
https://xakep.ru/category/privacy/
https://xakep.ru/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css
https://mc.yandex.ru/metrika/tag.js
https://xakep.ru/2022/04/20/powershell-secrets-2/
https://xakep.ru/wp-content/themes/woohoo/js/enquire.min.js
https://xakep.ru/2022/04/22/psychic-signatures-in-java/
https://xakep.ru/wp-content/plugins/elasticpress/dist/css/highlighting-styles.min.css
https://xakep.ru/wp-content/uploads/2021/10/362909/python4-v-768x1024.jpg
https://xakep.ru/wp-content/themes/woohoo/style.css
https://xakep.ru/wp-content/uploads/2022/02/374762/stream-h-104x74.jpg
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/prettify.js
https://xakep.ru/2022/04/11/windows-cmd-ffmpeg/
https://xakep.ru/wp-content/plugins/xakep-core/ads/script.js
https://schema.org/ImageObject
https://xakep.ru/wp-content/uploads/2019/02/207666/python-pil-test-stand.jpg
https://xakep.ru/wp-content/uploads/2021/12/366640/273-retina-210x280.jpg
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
https://xakep.ru/wp-content/themes/woohoo/js/jquery.placeholder.js
https://xakep.ru/wp-content/uploads/2018/09/x-new_6.png
https://xakep.ru/2019/02/11/ghostbutt/feed/
http://ghostbutt.com/
https://xakep.ru/2019/02/11/opera-android-vpn/
https://xakep.ru/?p=207666
http://ogp.me/ns/fb#
https://xakep.ru/wp-login.php?redirect_to=https%3A%2F%2Fxakep.ru%2F2019%2F02%2F11%2Fghostbutt%2F
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-pascal.js
https://xakep.ru/wp-content/uploads/2022/04/381060/625006fecae67-h-104x74.jpg
https://xakep.ru/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-combo.min.css
https://xakep.ru/wp-content/uploads/2019/02/207666/ghost-h.jpg
https://xakep.ru/wp-content/themes/woohoo/css/ie9.css
https://xakep.ru/wp-content/plugins/prettify-code-syntax/stylesheets/default.css
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21-linux-x86_64.tgz
https://xakep.ru/wp-content/uploads/2021/10/362909/python4-v.jpg
https://xakep.ru/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.js
https://xakep.ru/2019/02/11/new-bleichenbacher-attacks/
https://xakep.ru/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fxakep.ru%2F2019%2F02%2F11%2Fghostbutt%2F
https://xakep.ru/feed/
https://xakep.ru/wp-content/themes/woohoo/js/widget-ajax.js
https://xakep.ru/tag/linux/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-dart.js
https://xakep.ru/wp-content/plugins/wp-polls/polls-css.css
https://xakep.ru/wp-admin/users.php?page=paywall_subscribes
https://xakep.ru/wp-content/uploads/2022/01/368398/274-retina-1-1152x1536.jpg
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/ghostscript-9.23-linux-x86_64.tgz
https://schema.org/Organization
https://secure.gravatar.com/avatar/78da81286e3e78c6338efbb98f47680d?s=150&d=retro&r=g
https://www.ghostscript.com/download.html
https://xakep.ru/wp-content/themes/woohoo/js/theia-sticky.js
https://xakep.ru/wp-content/themes/woohoo/js/selectivizr-min.js
https://xakep.ru/wp-content/plugins/xakep-core/banners/style.css?1650873670
https://xakep.ru/wp-includes/js/wp-embed.min.js
https://xakep.ru/wp-json/wp/v2/posts/207666
https://xakep.ru/wp-content/uploads/2022/04/383081/ps-h-104x74.jpg
https://xakep.ru/about
https://xakep.ru/wp-content/uploads/2021/11/363594/272-retina.jpg
https://xakep.ru/wp-content/uploads/2021/11/363594/272-retina-70x93.jpg
https://xakep.ru/tag/android/
https://xakep.ru/wp-content/plugins/wpdiscuz/themes/default/style.css
https://xakep.ru/wp-content/plugins/xakep-core/style.css?1650873670
https://xakep.ru/wp-content/uploads/2021/12/366640/273-retina-1152x1536.jpg
https://xakep.ru/wp-content/plugins/foobox-image-lightbox/free/css/foobox.free.min.css
https://xakep.ru/wp-includes/css/dist/block-library/style.min.css
https://xakep.ru/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fxakep.ru%2F2019%2F02%2F11%2Fghostbutt%2F&format=xml
https://xakep.ru/wp-content/themes/woohoo/js/search.js
https://xakep.ru/wp-content/uploads/2017/06/xakep-favicon.png
https://xakep.ru/wp-content/uploads/2019/02/207666/ghostscript-debug-build-binary.jpg
https://xakep.ru/comments/feed/
https://xakep.ru/2022/04/21/twice-more-0days/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/load.js
https://xakep.ru/2022/04/21/herpaderping-and-ghosting/
https://xakep.ru/2022/04/22/alhack/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-clj.js
https://github.com/vulhub/vulhub/tree/master/python/PIL-CVE-2018-16509
https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Ccyrillic
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-sql.js
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs923/ghostscript-9.23.tar.gz
https://xakep.ru/wp-content/themes/woohoo/js/html5.js
https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
https://xakep.ru/2022/04/22/nezumi-hacking-guide-19/
https://xakep.ru/wp-content/uploads/2021/10/362909/python4-v-210x280.jpg
https://xakep.ru/wp-content/uploads/2022/01/368398/274-retina-1-70x93.jpg
https://xakep.ru/tag/pillow/
https://xakep.ru/2022/02/22/sonerezh/
https://xakep.ru/tag/vzlom/
https://xakep.ru/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.css
https://xakep.ru/wp-content/uploads/2021/11/366590/bundle-Linux-v.jpg
https://xakep.ru/wp-content/uploads/2021/11/366590/bundle-Linux-v-768x1024.jpg
https://xakep.ru/wp-content/themes/woohoo/css/ie8.css
https://xakep.ru/wp-content/themes/woohoo/css/ie7.css
https://github.com/pwndbg/pwndbg
https://xakep.ru/wp-content/uploads/2019/02/207666/ghost-h.jpg);
https://xakep.ru/tag/windows/
https://xakep.ru/new-authors/
https://xakep.ru/wp-content/plugins/foobox-image-lightbox/free/js/foobox.free.min.js
https://xakep.ru/2022/04/22/phone-spam/
https://xakep.ru/wp-content/uploads/2021/10/362909/python4-v-1152x1536.jpg
https://xakep.ru/corporate
https://xakep.ru/wp-content/themes/woohoo
https://xakep.ru/wp-content/uploads/2022/04/383150/MicrosoftTeams-image12-320x220.jpg);
https://xakep.ru/wp-content/uploads/2018/10/190894/hacking-h-104x74.jpg
https://xakep.ru/wp-content/uploads/2017/06/xakep-favicon-93x93.png
https://xakep.ru/2022/04/08/powershell-secrets/
https://xakep.ru/wp-content/uploads/2021/11/363594/272-retina-210x280.jpg
https://xakep.ru/wp-content/uploads/2019/02/207666/ghostscript-9-21-installed.jpg
http://russiansecurity.expert/
https://xakep.ru/tag/hackthebox/
https://xakep.ru/2019/02/11/ghostbutt/?amp
https://xakep.ru/tag/articles/
https://xakep.ru/wp-content/uploads/2022/04/382853/hide-malware-h-104x74.jpg
https://xakep.ru/wp-content/uploads/2021/11/366590/bundle-Linux-v-1152x1536.jpg
https://xakep.ru/wp-content/uploads/2021/11/363594/272-retina-768x1024.jpg
https://xakep.ru/wp-content/uploads/2022/01/368398/274-retina-1-210x280.jpg
https://xakep.ru/wp-content/themes/woohoo/js/matchMedia.js
http://ogp.me/ns#
https://www.googletagservices.com/tag/js/gpt.js
https://xakep.ru/2019/02/11/ghostbutt/
https://xakep.ru/tag/ghostscript/
https://xakep.ru/2022/04/22/call-records-no-more/
https://xakep.ru/wp-content/plugins/wp-polls/polls-js.js
https://xakep.ru/2019/02/11/ghostbutt/#comments
https://xakep.ru/wp-content/uploads/2021/12/366640/273-retina.jpg
https://xakep.ru/wp-content/uploads/2021/10/362909/python4-v-70x93.jpg
https://xakep.ru/issues/xa/
https://xakep.ru/wp-includes/js/jquery/jquery.min.js
https://xakep.ru/category/admin/
https://xakep.ru/wp-content/themes/woohoo/css/main.css
https://xakep.ru/wp-content/uploads/2022/04/381386/bag-drums-h-104x74.jpg
https://my.xakep.ru/python-express
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-yaml.js
https://xakep.ru/wp-login.php
https://xakep.ru/xmlrpc.php
https://xakep.ru/wp-content/uploads/2021/12/366640/273-retina-768x1024.jpg
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-lisp.js
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-r.js
https://xakep.ru/wp-json/
https://xakep.ru/tag/vpn/
https://xakep.ru/wp-content/uploads/2017/10/300px-Qrator_LOGO.png
https://xakep.ru/wp-content/uploads/2021/11/366590/bundle-Linux-v-70x93.jpg
https://xakep.ru/wp-includes/js/jquery/jquery-migrate.min.js
http://schema.org/WebPage
https://xakep.ru/category/coding/
https://xakep.ru/wp-admin/admin-ajax.php?action=wpdAddSubscription
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-lua.js
https://api.w.org/
http://ogp.me/ns/profile#
https://xakep.ru/wp-content/uploads/2016/09/favicon.ico
https://xakep.ru/wp-includes/js/comment-reply.min.js
https://xakep.ru/wp-includes/wlwmanifest.xml
https://xakep.ru/wp-content/plugins/xakep-core/xmd.css?1650873670
https://xakep.ru/wp-content/uploads/2021/12/366640/273-retina-70x93.jpg
https://xakep.ru/category/hack/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-erlang.js
https://xakep.ru/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js
https://xakep.ru/wp-content/uploads/2022/04/382598/toby-h-104x74.jpg
https://xakep.ru/wp-content/uploads/2022/01/368398/274-retina-1-768x1024.jpg
https://xakep.shop/
https://xakep.ru/tag/zhelezo/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-go.js
https://qrator.net/ru/
https://xakep.ru/
https://xakep.ru/2022/04/19/htb-toby/
https://xakep.ru/wp-content/uploads/2022/01/368398/274-retina-1.jpg
https://xakep.ru/author/iamsecurity/
https://schema.org/Person
https://xakep.ru/2022/04/22/pwn2own-miami-2022/
https://xakep.ru/wp-content/uploads/2021/11/363594/272-retina-1152x1536.jpg
https://xakep.ru/wp-admin/admin-ajax.php
https://xakep.ru/wp-content/plugins/xakep-core/ads/style.css
http://schema.org/Article
https://xakep.ru/wp-content/uploads/2021/11/366590/bundle-Linux-v-210x280.jpg
https://xakep.ru/wp-content/themes/woohoo/js/post-like.js
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-css.js
https://xakep.ru/wp-content/themes/woohoo/framework/shorty/js/blocks.js
https://xakep.ru/category/geek/
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-hs.js
https://xakep.ru/wp-content/plugins/prettify-code-syntax/javascripts/lang-vb.js
https://xakep.ru/tag/vybor-redaktora/
https://xakep.ru/xmlrpc.php?rsd
http://gmpg.org/xfn/11
http://ogp.me/ns/article#
https://mc.yandex.ru/watch/88149838
https://xakep.ru/wp-content/themes/woohoo/js/main.js
https://xakep.ru/category/tricks/
https://schema.org/WebPage
https://xakep.ru/wp-content/themes/woohoo/js/min.js
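
The 187 strings above are almost all xakep.ru URLs, the list you get when a scraped HTML page is embedded in a binary; the one operational indicator on this page is the delivery URL in the indicator table, not anything in this list. The script below is an added example written by the editor, not code from the report's tooling: it refangs and cleans URL-like strings, histograms them by host, treats a host that holds more than half of all strings as bulk content, counts WordPress paths as a scraped-page signal, and leaves a short candidate list for manual review. Its input is a constructed sample of 13 strings from the table plus the defanged indicator URL; the asset-extension list, the namespace hosts, the WordPress path pattern and the bulk-host rule are assumptions.

```python
"""Triage of URL-like strings extracted from a binary.

Added example written by the editor; it is not code from the report's
tooling. STRINGS is a constructed sample: 13 of the 187 strings in the
'Possible URLs found' table plus the defanged URL from the indicator table.
The asset-extension list, the namespace hosts, the WordPress path pattern
and the 'more than half of all strings' bulk-host rule are assumptions.
"""
from collections import Counter
from urllib.parse import urlsplit
import re

STRINGS = [
    "hXXps://metalanddesign.com/tu.dll",                                # indicator table, defanged
    "https://xakep.ru/2019/02/11/ghostbutt/",
    "https://xakep.ru/wp-content/themes/woohoo/js/main.js",
    "https://xakep.ru/wp-includes/js/jquery/jquery.min.js",
    "https://xakep.ru/wp-content/uploads/2019/02/207666/ghost-h.jpg);",  # CSS url(...) residue
    "https://xakep.ru/wp-login.php",
    "https://xakep.ru/xmlrpc.php",
    "https://xakep.ru/wp-json/wp/v2/posts/207666",
    "https://xakep.ru/tag/ghostscript/",
    "https://schema.org/Article",
    "http://ogp.me/ns/article#",
    "https://mc.yandex.ru/metrika/tag.js",
    "http://ghostbutt.com/",
    "https://github.com/pwndbg/pwndbg",
]

# Extensions of static web assets, which no loader fetches as a payload (assumed list).
STATIC_ASSET = re.compile(r"\.(?:css|js|jpe?g|png|gif|ico|svg|woff2?|xml)$", re.I)
# Vocabulary hosts that any scraped HTML page references (assumed list).
NAMESPACE_HOSTS = {"schema.org", "ogp.me", "gmpg.org", "api.w.org"}
# Paths that only a WordPress page produces (assumed pattern).
WORDPRESS_PATH = re.compile(r"/wp-(?:content|includes|json|login|admin)")


def refang(s):
    """Undo common defanging so urlsplit sees a real scheme and host."""
    return s.replace("hXXp", "http").replace("hxxp", "http").replace("[.]", ".")


def clean(s):
    """Drop trailing CSS/JS residue such as ');' that string extraction keeps."""
    return s.rstrip(");'\"")


def classify(strings):
    """Host histogram, bulk host(s), scraped-page signals and a short candidate list."""
    parsed = [urlsplit(clean(refang(s))) for s in strings]
    hosts = Counter(u.hostname for u in parsed)
    # A single host holding more than half of all strings is embedded page content, not C2.
    bulk = sorted(h for h, n in hosts.items() if n > len(strings) / 2)
    candidates = []
    for u in parsed:
        if u.hostname in bulk or u.hostname in NAMESPACE_HOSTS:
            continue
        if STATIC_ASSET.search(u.path):
            continue
        candidates.append(u.geturl())
    return {
        "hosts": hosts,
        "bulk_hosts": bulk,
        "defanged": sum(1 for s in strings if refang(s) != s),
        "wordpress_paths": sum(1 for u in parsed if WORDPRESS_PATH.search(u.path)),
        "candidates": candidates,
    }


if __name__ == "__main__":
    result = classify(STRINGS)
    print("hosts:", dict(result["hosts"]))
    print("bulk hosts (embedded page content):", result["bulk_hosts"])
    print("WordPress paths:", result["wordpress_paths"])
    print("candidates for manual review:", result["candidates"])
```

On the sample the bulk host is xakep.ru, five strings carry WordPress paths, and the candidate list shrinks to the metalanddesign.com download URL plus two article links, which is the list an analyst actually reads. The full 187-string table gives the same picture at scale: one delivery URL and one scraped article.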

PE Exports 14 suspicious

Function Address
DllRegisterServer 0x180001000
FKhyIY 0x180009fbd
NuZZAep 0x18000abd7
OOFtaQ 0x180009420
OgZCyjzots 0x18000983c
aoDRSSJwer 0x18000a3ff
hYfdpyf 0x180008fba
hdYZPMiSPcl 0x18000a827
jUBjiPHNOrI 0x1800087c4
qhGYdGErDK 0x1800083df
rowwHaY 0x180009bb3
tVrQzUu 0x180008bcd
vCRvWsm 0x180008032
yvSDQgtr 0x180007bad
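
Structural triage of the section table and export list above, as an added example (the editor's script, not the report's tooling): it checks that headers plus SizeOfRawData account for the whole 304128-byte file (no overlay), flags the non-MSVC section names pht and cdr and the share of the file they hold, maps each export's address back to its section, and marks export names that contain no recognisable word, which leaves DllRegisterServer, the entry point regsvr32 calls, as the only meaningful export. The section rows, file size and export table are transcribed from the report; the 1024-byte on-disk header size, the 0x180000000 image base, the word list and every threshold are assumptions.

```python
"""Structural triage of a PE section table and export list.

Added example: the editor's own script, not code from the original report
or from any tool it used. The section rows, file size and export table are
transcribed from the report above; the 1024-byte on-disk header size, the
0x180000000 image base, the word list and every threshold are assumptions.
"""
from dataclasses import dataclass
import re

IMAGE_BASE = 0x180000000   # assumed: the usual default for x64 DLLs, not read from the optional header
HEADER_SIZE = 1024         # assumed: DOS stub + PE headers + section table, rounded to file alignment

# Section names the MSVC toolchain emits; anything else deserves a look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".bss", ".gfids", "_RDATA"}

# Words that occur in ordinary export names (assumed, deliberately small).
API_WORDS = {"dll", "register", "unregister", "server", "main", "install", "get",
             "set", "create", "open", "close", "init", "start", "stop", "run",
             "load", "unload", "proc", "address", "handle", "file", "read",
             "write", "query", "entry", "export", "can", "now", "free", "alloc"}


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int      # RVA of the section
    vsize: int      # VirtualSize
    raw_size: int   # SizeOfRawData


# Transcribed from the "PE Sections" table of the report.
SECTIONS = [
    Section(".text",  0x1000,  0xa321,  41984),
    Section(".rdata", 0xc000,  0x149,   512),
    Section(".data",  0xd000,  0x22,    512),
    Section("pht",    0xe000,  0x1df6a, 122880),
    Section("cdr",    0x2c000, 0x216e7, 137216),
]
FILE_SIZE = 304128

# Transcribed from the "PE Exports" table of the report.
EXPORTS = [
    ("DllRegisterServer", 0x180001000), ("FKhyIY", 0x180009fbd),
    ("NuZZAep", 0x18000abd7), ("OOFtaQ", 0x180009420),
    ("OgZCyjzots", 0x18000983c), ("aoDRSSJwer", 0x18000a3ff),
    ("hYfdpyf", 0x180008fba), ("hdYZPMiSPcl", 0x18000a827),
    ("jUBjiPHNOrI", 0x1800087c4), ("qhGYdGErDK", 0x1800083df),
    ("rowwHaY", 0x180009bb3), ("tVrQzUu", 0x180008bcd),
    ("vCRvWsm", 0x180008032), ("yvSDQgtr", 0x180007bad),
]


def section_for_rva(sections, rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in sections:
        if s.vaddr <= rva < s.vaddr + max(s.vsize, s.raw_size):
            return s
    return None


def looks_machine_generated(name):
    """True when no CamelCase token of the name is a recognisable API word."""
    tokens = re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])", name)
    if any(t.lower() in API_WORDS for t in tokens):
        return False
    return len(name) >= 5 and "_" not in name


def triage(sections, file_size, exports):
    """Structural findings an analyst checks before opening the sample in a disassembler."""
    odd = [s.name for s in sections if s.name not in STANDARD_SECTIONS]
    odd_bytes = sum(s.raw_size for s in sections if s.name in odd)
    by_section = {}
    for _, va in exports:
        s = section_for_rva(sections, va - IMAGE_BASE)
        key = s.name if s else "<unmapped>"
        by_section[key] = by_section.get(key, 0) + 1
    return {
        # Bytes not covered by headers + SizeOfRawData: a positive value means an overlay.
        "overlay_bytes": file_size - HEADER_SIZE - sum(s.raw_size for s in sections),
        "non_standard_sections": odd,
        "non_standard_share": odd_bytes * 100 // file_size,
        # Sections whose in-memory size is more than a page larger than their disk size.
        "bss_like_sections": [s.name for s in sections if s.vsize > s.raw_size + 0x1000],
        # A DLL exporting DllRegisterServer runs via "regsvr32 /s <dll>" with no custom loader.
        "regsvr32_entry": any(n == "DllRegisterServer" for n, _ in exports),
        "generated_exports": [n for n, _ in exports if looks_machine_generated(n)],
        "exports_by_section": by_section,
    }


if __name__ == "__main__":
    for key, value in triage(SECTIONS, FILE_SIZE, EXPORTS).items():
        print(f"{key:>22}: {value}")
```

Run as a script it reports no overlay, pht and cdr holding 85 % of the file, all 14 export entry points inside .text, and 13 of 14 export names with no recognisable word. The bss_like_sections check stays empty here because both large sections are stored fully on disk; a packer that expands into zero-filled space shows up in that field instead.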