account2.aspx

First submission 2024-10-17 00:31:02

File details

File type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	285.5 KB (292352 bytes)
Compile time:	2024-10-16 21:48:01
MD5:	dbc0c2b6d7d32f874bcd3106f289bd39
SHA1:	3a7b9edf266bc28d3dd5ab227ab85e58d8dd7812
SHA256:	b3fbd0d41a21faa8808dc9acfb383df8cbfaa6dcdbb97d694f1107151cbecf33
Import Hash :	c42f350ae80747a40ff805999d415e09
Sections 4	.text .rdata .data .reloc
Directories 5	import export debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	10/77 VT report date: 2024-10-17 00:00:37
Malware Type 2	trojan downloader

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://ebaltrahal.com/account2.aspx	ebaltrahal.com	2024-10-17 00:31:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x3498f	215552	d3e523a03bb83fbfe1007d19569c50902b5e8f60	07f470a6a8e642086ca798811bf2fef2
.rdata	0x36000	0xd904	55808	ba6d540555c37ec0f344726aabece3e3a66bd604	2a305a9ef40206f1860884cc491e3a73
.data	0x44000	0x467b04	3584	8941445d6eda755fc06c62ab76b47519c52f0ea3	422d9e7734e3e7b8b2d4869db28f32fa
.reloc	0x4ac000	0x3e7c	16384	ff22540f3f2e71b1e1b25c751efe801c64ff1d1f	275f93e20e531d5592c8f329d8648fb1

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Object
%s.ocx
Library
mscoree.dll
USER32.dll
SHELL32.dll
-msi.dll
libcurl.dll
ADVAPI32.dll
KERNEL32.dll
SHLWAPI.dll

Import functions

ADVAPI32.dll 3 SHELL32.dll 1 KERNEL32.dll 82 SHLWAPI.dll 2 USER32.dll 28

Function	Address	Souspicious	Anti Debug
RegCreateKeyExW	0x10036000
RegCloseKey	0x10036004
RegSetValueExW	0x10036008

Function	Address	Souspicious	Anti Debug
SHCreateDirectoryExW	0x1003615c

Function	Address	Souspicious	Anti Debug
GetLastError	0x10036010
SetLastError	0x10036014
HeapAlloc	0x10036018
HeapReAlloc	0x1003601c
GetProcessHeap	0x10036020
GetCurrentProcessId	0x10036024
ExitProcess	0x10036028
GetCurrentThreadId	0x1003602c
CreateProcessW	0x10036030
GetCurrentProcessorNumber	0x10036034
GetTickCount	0x10036038
GetWindowsDirectoryW	0x1003603c
GetModuleHandleA	0x10036040
lstrlenA	0x10036044
lstrlenW	0x10036048
IsBadReadPtr	0x1003604c
IsValidCodePage	0x10036050
GetOEMCP	0x10036054
GetSystemDefaultUILanguage	0x10036058
GetSystemDefaultLangID	0x1003605c
GetThreadUILanguage	0x10036060
GetACP	0x10036064
WriteConsoleW	0x10036068
CreateFileW	0x1003606c
CloseHandle	0x10036070
SetFilePointerEx	0x10036074
GetConsoleMode	0x10036078
GetConsoleOutputCP	0x1003607c
WriteFile	0x10036080
FlushFileBuffers	0x10036084
SetStdHandle	0x10036088
HeapSize	0x1003608c
GetStringTypeW	0x10036090
GetFileType	0x10036094
GetStdHandle	0x10036098
LCMapStringW	0x1003609c
FreeEnvironmentStringsW	0x100360a0
GetEnvironmentStringsW	0x100360a4
WideCharToMultiByte	0x100360a8
MultiByteToWideChar	0x100360ac
GetCommandLineA	0x100360b0
SetEnvironmentVariableW	0x100360b4
GetEnvironmentVariableW	0x100360b8
GetCommandLineW	0x100360bc
GetCPInfo	0x100360c0
FindNextFileW	0x100360c4
FindFirstFileExW	0x100360c8
FindClose	0x100360cc
ReleaseSRWLockExclusive	0x100360d0
AcquireSRWLockExclusive	0x100360d4
WakeAllConditionVariable	0x100360d8
SleepConditionVariableSRW	0x100360dc
IsProcessorFeaturePresent	0x100360e0
IsDebuggerPresent	0x100360e4
UnhandledExceptionFilter	0x100360e8
SetUnhandledExceptionFilter	0x100360ec
GetStartupInfoW	0x100360f0
GetModuleHandleW	0x100360f4
QueryPerformanceCounter	0x100360f8
GetSystemTimeAsFileTime	0x100360fc
InitializeSListHead	0x10036100
GetCurrentProcess	0x10036104
TerminateProcess	0x10036108
RtlUnwind	0x1003610c
InterlockedFlushSList	0x10036110
EncodePointer	0x10036114
EnterCriticalSection	0x10036118
LeaveCriticalSection	0x1003611c
DeleteCriticalSection	0x10036120
InitializeCriticalSectionAndSpinCount	0x10036124
TlsAlloc	0x10036128
TlsGetValue	0x1003612c
TlsSetValue	0x10036130
TlsFree	0x10036134
FreeLibrary	0x10036138
GetProcAddress	0x1003613c
LoadLibraryExW	0x10036140
RaiseException	0x10036144
GetModuleHandleExW	0x10036148
GetModuleFileNameW	0x1003614c
HeapFree	0x10036150
DecodePointer	0x10036154

Function	Address	Souspicious	Anti Debug
StrCmpIW	0x10036164
PathAppendW	0x10036168

Function	Address	Souspicious	Anti Debug
GetLastActivePopup	0x10036170
GetTopWindow	0x10036174
GetShellWindow	0x10036178
GetParent	0x1003617c
GetCaretBlinkTime	0x10036180
GetCursor	0x10036184
GetCursorPos	0x10036188
GetWindowDC	0x1003618c
GetForegroundWindow	0x10036190
EndMenu	0x10036194
GetSubMenu	0x10036198
ArrangeIconicWindows	0x1003619c
GetMenu	0x100361a0
IsWindowEnabled	0x100361a4
IsWindowUnicode	0x100361a8
GetCapture	0x100361ac
GetFocus	0x100361b0
GetActiveWindow	0x100361b4
GetDlgCtrlID	0x100361b8
IsZoomed	0x100361bc
IsWindowVisible	0x100361c0
OpenIcon	0x100361c4
IsWindow	0x100361c8
GetDoubleClickTime	0x100361cc
GetMessageTime	0x100361d0
GetMessagePos	0x100361d4
wsprintfW	0x100361d8
DestroyMenu	0x100361dc

PE Exports 10 suspicious

Function	Address
DllInstall	0x1001dda0
DllUninitialize	0x100260c0
Main	0x10021640
MainDll	0x10021680
ThreadFunction	0x100216e0
UnregisterDll	0x10023e00
curl_easy_cleanup	0x10023eb0
curl_easy_init	0x10023f20
curl_easy_perform	0x10024a80
curl_easy_setopt	0x10024ae0