vcruntime140.dll

First submission 2024-02-08 22:41:37

File details

File type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 54.88 KB (56202 bytes)
Compile time: 2019-07-18 23:54:04
MD5: ea20a0548d442458c650aacb59a6605d
SHA1: f181f8f7667deb271786181b1bfd63f5460e9d45
SHA256: d0353f255a0fd3be95e09543719d45ceddc71db1377837294a657e9b37fafaf5
Sections: 5 (.text, .data, .idata, .rsrc, .reloc)
Directories: 6 (import, export, resource, debug, relocation, security)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://gsggaoo.top/a9d06ea3fe859ab7/vcruntime140.dll gsggaoo.top 2024-02-08 22:41:37

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xdcf4 56832 7142019d7e7ad5f9d184fa01ecb5b9497eccf630 9f8e4e1df945d2629ea8e88287368763
.data 0xf000 0x5f4 512 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x10000 0x584 1536 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x400 1024 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.reloc 0x12000 0xa10 3072 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e

Packers detected 1

AHTeam EP Protector 0.3 (fake PCGuard 4.03-4.15) -> FEUERRADER

File signature

MD5 SHA1 Block size Virtual Address
d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 16880 64000

Strings analysis - File found

Library
vcruntime140.dll

PE Exports 81 suspicious

Function Address
_CreateFrameInfo 0x1000d7a0
_CxxThrowException 0x10007680
_EH_prolog 0x1000df30
_FindAndUnlinkFrame 0x1000d7d0
_IsE 0x10005af0