DigitalSide Threat Intel

CompPkgSup.dll?ex=670ef1f2&is=670da072&hm=0ef149bf8000f5d08bd27446ab0651cfc3038bd4f627014443f6e0056b60f8df

First submission 2024-10-15 19:54:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 336.05 KB (344120 bytes)
Compile time: 2024-10-12 02:55:47
MD5: f0fa6871cb996242a649dd629a0591f1
SHA1: 8e5bedd1dd509f83d13426ff22d62f349488ae5f
SHA256: 40f4d3bbb8009c0ff599f4102b1601467a3bfc18de64061f92eff0f1fc0b3d6e
Import Hash : 3254359579f23afe607e1d61dde58b23
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 6 import resource debug tls relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 11/77 VT report date: 2024-10-15 10:55:58
Malware Type 1 trojan
Threat Type 1 gencbl

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1275547427826569297/1295519381710962760/CompPkgSup.dll?ex=670ef1f2&is=670da072&hm=0ef149bf8000f5d08bd27446ab0651cfc3038bd4f627014443f6e0056b60f8df VirusTotal Report cdn.discordapp.com VirusTotal Report 2024-10-15 19:54:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x3effb 258048 a284209a45ee0fb3441f4f1070f82e595d361493 e5b30f03c385e9496cb7f415587d6841
.rdata 0x40000 0xeb5c 60416 608a6a9656bac2fd93134fe48054b04b12cc1153 4a8b8352afec621a3ee78deba453fb28
.data 0x4f000 0x1e08 2560 0d09b4693f6537dc79e04e38c4d9f72ac252f7f4 b4438c0d30de02275d9a4bf4b89e8a6b
.pdata 0x51000 0x2c4c 11776 81aff6a2723b49c8d7268c12b50a04ef062b840a 8c3c2c61aafe2885eb3951d312a8f393
.rsrc 0x54000 0xf8 512 6bbc15a0367b83368d6ac205d6d53848301792ab 7c139771cc4b97d7f468254be5d2679a
.reloc 0x55000 0x148 512 e2c72d2de20e89a94352c9ea9825ab193068aad8 4dc9b1e2cecb0a6d7bf3095fe687757c

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x54060 145

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
77b46abf5ee59e4f7ce17f5a9a09c3bd dc1378de61d0aacaaec629faa496fccc4048713a 9272 334848

Strings analysis - File found

Log
\FortniteGame\Saved\Logs\FortniteGame.log
Text
imgui_log.txt
Library
api-ms-win-core-registry-l1-1-0.dll
DiscordHook64.dll
ADVAPI32.dll
bin\amd64\MSPDB140.DLL
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
msvcp140.dll
api-ms-win-crt-stdio-l1-1-0.dll
WS2_32.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
VCRUNTIME140_1.dll
d3dcompiler_47.dll
IMM32.dll
xinput1_4.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
USER32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 20

https://www.verisign.com/cps0
https://d.symcb.com/cps0%
http://ocsp.digicert.com0C
http://ocsp.verisign.com0
http://ocsp.digicert.com0A
https://www.verisign.com/rpa
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://sf.symcb.com/sf.crl0f
http://crl.verisign.com/pca3-g5.crl04
https://www.verisign.com/rpa0
http://logo.verisign.com/vslogo.gif04
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
https://d.symcb.com/rpa0
http://ocsp.digicert.com0X

Import functions

Function Address Souspicious Anti Debug
getenv 0x180040500
Function Address Souspicious Anti Debug
_lock_file 0x180040510
_unlock_file 0x180040518
Function Address Souspicious Anti Debug
__vcrt_LoadLibraryExW 0x180040410
__std_type_info_destroy_list 0x180040418
__std_exception_destroy 0x180040420
memchr 0x180040428
memcmp 0x180040430
memmove 0x180040438
__std_exception_copy 0x180040440
__std_terminate 0x180040448
memcpy 0x180040450
_CxxThrowException 0x180040458
__C_specific_handler_noexcept 0x180040460
__current_exception_context 0x180040468
__current_exception 0x180040470
__C_specific_handler 0x180040478
memset 0x180040480
__vcrt_GetModuleFileNameW 0x180040488
strstr 0x180040490
Function Address Souspicious Anti Debug
None 0x1800404c8
None 0x1800404d0
Function Address Souspicious Anti Debug
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z 0x1800401f8
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z 0x180040200
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z 0x180040208
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ 0x180040210
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ 0x180040218
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z 0x180040220
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z 0x180040228
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ 0x180040230
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z 0x180040238
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ 0x180040240
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z 0x180040248
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ 0x180040250
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180040258
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ 0x180040260
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z 0x180040268
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z 0x180040270
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180040278
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z 0x180040280
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z 0x180040288
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ 0x180040290
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z 0x180040298
?good@ios_base@std@@QEBA_NXZ 0x1800402a0
?always_noconv@codecvt_base@std@@QEBA_NXZ 0x1800402a8
??Bid@locale@std@@QEAA_KXZ 0x1800402b0
_Query_perf_counter 0x1800402b8
?_Xlength_error@std@@YAXPEBD@Z 0x1800402c0
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ 0x1800402c8
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ 0x1800402d0
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ 0x1800402d8
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z 0x1800402e0
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z 0x1800402e8
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z 0x1800402f0
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A 0x1800402f8
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 0x180040300
?_Xout_of_range@std@@YAXPEBD@Z 0x180040308
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ 0x180040310
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 0x180040318
?uncaught_exceptions@std@@YAHXZ 0x180040320
??0_Lockit@std@@QEAA@H@Z 0x180040328
??1_Lockit@std@@QEAA@XZ 0x180040330
_Query_perf_frequency 0x180040338
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z 0x180040340
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z 0x180040348
Function Address Souspicious Anti Debug
atoi 0x1800404e0
strtoul 0x1800404e8
mbstowcs_s 0x1800404f0
Function Address Souspicious Anti Debug
strcmp 0x180040690
strcpy_s 0x180040698
strncpy_s 0x1800406a0
strncpy 0x1800406a8
_wcsicmp 0x1800406b0
strcat_s 0x1800406b8
Function Address Souspicious Anti Debug
__CxxFrameHandler4 0x1800404a0
Function Address Souspicious Anti Debug
_initialize_narrow_environment 0x180040588
_configure_narrow_argv 0x180040590
_seh_filter_dll 0x180040598
_register_onexit_function 0x1800405a0
_execute_onexit_table 0x1800405a8
_beginthreadex 0x1800405b0
_crt_atexit 0x1800405b8
_invalid_parameter_noinfo 0x1800405c0
_cexit 0x1800405c8
_errno 0x1800405d0
_initterm_e 0x1800405d8
_invalid_parameter_noinfo_noreturn 0x1800405e0
_initterm 0x1800405e8
terminate 0x1800405f0
_initialize_onexit_table 0x1800405f8
Function Address Souspicious Anti Debug
Beep 0x180040030
GetCurrentProcessId 0x180040038
GetModuleHandleW 0x180040040
CreateSemaphoreW 0x180040048
VirtualQuery 0x180040050
GlobalAlloc 0x180040058
GlobalFree 0x180040060
GlobalLock 0x180040068
GlobalUnlock 0x180040070
QueryPerformanceFrequency 0x180040078
QueryPerformanceCounter 0x180040080
FreeLibrary 0x180040088
GetProcessHeap 0x180040090
InitializeSListHead 0x180040098
GetSystemTimeAsFileTime 0x1800400a0
WideCharToMultiByte 0x1800400a8
MultiByteToWideChar 0x1800400b0
RaiseException 0x1800400b8
IsDebuggerPresent 0x1800400c0
IsProcessorFeaturePresent 0x1800400c8
TerminateProcess 0x1800400d0
SetUnhandledExceptionFilter 0x1800400d8
UnhandledExceptionFilter 0x1800400e0
RtlVirtualUnwind 0x1800400e8
RtlLookupFunctionEntry 0x1800400f0
RtlCaptureContext 0x1800400f8
SleepConditionVariableSRW 0x180040100
GetLastError 0x180040108
AcquireSRWLockExclusive 0x180040110
ReleaseSRWLockExclusive 0x180040118
GetSystemInfo 0x180040120
VirtualFree 0x180040128
VirtualAlloc 0x180040130
Thread32Next 0x180040138
Thread32First 0x180040140
CreateToolhelp32Snapshot 0x180040148
ResumeThread 0x180040150
SuspendThread 0x180040158
SetThreadContext 0x180040160
GetThreadContext 0x180040168
OpenThread 0x180040170
GetCurrentThreadId 0x180040178
GetCurrentProcess 0x180040180
HeapFree 0x180040188
HeapReAlloc 0x180040190
HeapAlloc 0x180040198
HeapDestroy 0x1800401a0
HeapCreate 0x1800401a8
VirtualProtect 0x1800401b0
FlushInstructionCache 0x1800401b8
GetProcAddress 0x1800401c0
Sleep 0x1800401c8
OpenProcess 0x1800401d0
CloseHandle 0x1800401d8
K32GetProcessImageFileNameW 0x1800401e0
WakeAllConditionVariable 0x1800401e8
Function Address Souspicious Anti Debug
floorf 0x180040550
fmodf 0x180040558
sinf 0x180040560
sqrtf 0x180040568
ceilf 0x180040570
cosf 0x180040578
Function Address Souspicious Anti Debug
qsort 0x1800406c8
Function Address Souspicious Anti Debug
D3DCompile 0x180040000
Function Address Souspicious Anti Debug
fread 0x180040608
fsetpos 0x180040610
ungetc 0x180040618
_fseeki64 0x180040620
setvbuf 0x180040628
fgetpos 0x180040630
__stdio_common_vswprintf 0x180040638
fwrite 0x180040640
fputc 0x180040648
__stdio_common_vsscanf 0x180040650
fgetc 0x180040658
_wfopen 0x180040660
__stdio_common_vsprintf 0x180040668
fflush 0x180040670
fclose 0x180040678
_get_stream_buffer_pointers 0x180040680
Function Address Souspicious Anti Debug
WSACleanup 0x1800404b0
WSAStartup 0x1800404b8
Function Address Souspicious Anti Debug
realloc 0x180040528
free 0x180040530
malloc 0x180040538
_callnewh 0x180040540
Function Address Souspicious Anti Debug
GetKeyState 0x180040358
ScreenToClient 0x180040360
GetCapture 0x180040368
ClientToScreen 0x180040370
IsChild 0x180040378
GetForegroundWindow 0x180040380
MessageBoxA 0x180040388
GetAsyncKeyState 0x180040390
SetWindowLongPtrW 0x180040398
CallWindowProcW 0x1800403a0
SetClipboardData 0x1800403a8
LoadCursorW 0x1800403b0
GetClipboardData 0x1800403b8
EmptyClipboard 0x1800403c0
CloseClipboard 0x1800403c8
OpenClipboard 0x1800403d0
GetCursorPos 0x1800403d8
SetCursorPos 0x1800403e0
ReleaseCapture 0x1800403e8
GetClientRect 0x1800403f0
SetCursor 0x1800403f8
SetCapture 0x180040400
Function Address Souspicious Anti Debug
ImmReleaseContext 0x180040010
ImmGetContext 0x180040018
ImmSetCompositionWindow 0x180040020

Related files by ImpHash 1 3254359579f23afe607e1d61dde58b23

Name Latest seen MD5
win64help.dll?ex=670c3661&is=670ae4e1&hm=34e9d9802f25be6669092bd636fdec89da344d630c1feed0501755a57d63d928& 2024-10-13 18:33:02 3fe8eb38f23d00e1045c26084724785e