i9ien8gksg.dll

First submission 2023-09-14 10:56:02

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1094.0 KB (1120256 bytes)
Compile time:	2023-09-11 18:16:49
MD5:	fcbb53724b1df93a5d1fc45bb55b9069
SHA1:	890b9b2dfda3203dc1a65c926d45b4e55db7c01a
SHA256:	33e80e854c0959e28b1f94cdcd67e28298dcfa3d80d160bc2042f00047a81922
Import Hash :	660e4ba65070c42e55f04efddf5f7d78
Sections 7	.text .rdata .data .pdata .gfids .rsrc .reloc
Directories 4	import export resource relocation
Virus Total:	15/70 VT report date: 2023-09-14 08:48:10

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://23.88.100.71/i9ien8gksg.dll	23.88.100.71	2023-09-14 10:56:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xe849	59904	ef30c5e954f119e882a203672b4590932f20aa66	0b38afbba0ec6fbd686032b9370e46f5
.rdata	0x10000	0x41a26	269312	f7610ce8a8f4d9688511b401f4227094821d4e42	19b614be781b1f5ee1f7e64fe3e25251
.data	0x52000	0xbfd38	781312	4cff7ee7047c9951057a43bfcde56b5dbdd4940e	707dc3d96e72818f6741a91c06f58b25
.pdata	0x112000	0xe4c	4096	834d7a7d4160777addb7bbfa4eb5941fbebc31f5	7207be020e0b7ba2d72c05fda5cd2d5c
.gfids	0x113000	0x94	512	abea4113f9b478c04c57c2a1d03a271972c762f3	2f68f83abdd02cff1eb2214e91b9a309
.rsrc	0x114000	0x728	2048	0c55dd4c0998fed3b6019e177e9106fb279b7af0	cbc8a329d23b29cf1007bd2a03f54f84
.reloc	0x115000	0x61c	2048	4eb889fd1bf8e1df6592986ca1bc07fee4cc7300	a409acf9bb3ff0b703a28054a403c662

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114320	646	PE Resource: RT_STRING - Data %d 641! Moscow Detached.Harderflint Popular Listened? mental CompelledAlec compare Echo+ dip- %d Tales) Proceedingsickly_arrested_ Beehive burn Fuel9%d identical_ Cost? Puddle Despair Servant@ %d$ machineryknocked 439, Careers 599. Madame 419 492 515@213, Newspapers climate@ Spur%d %s\ 207$ 871( blond acorn
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x1145a8	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>
None	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x114120	196

Name

Language

Sublanguage

Offset

Size

Data

RT_STRING

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114320

646

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x1145a8

381

None

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x114120

196

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
mscoree.dll
utpcxre663tc32.dll
KERNEL32.dll

Import functions

KERNEL32.dll 79

Function	Address	Souspicious	Anti Debug
EnterCriticalSection	0x180010000
LeaveCriticalSection	0x180010008
InitializeCriticalSection	0x180010010
CloseHandle	0x180010018
GetLastError	0x180010020
GetCurrentActCtx	0x180010028
HeapCreate	0x180010030
TryEnterCriticalSection	0x180010038
CreateThread	0x180010040
OpenThread	0x180010048
FindFirstFileA	0x180010050
FindNextFileA	0x180010058
FindClose	0x180010060
WaitForSingleObject	0x180010068
GetStdHandle	0x180010070
WaitForMultipleObjects	0x180010078
GetCurrentThread	0x180010080
CreateFileMappingA	0x180010088
VirtualAlloc	0x180010090
DuplicateHandle	0x180010098
QueryPerformanceCounter	0x1800100a0
GetCurrentProcessId	0x1800100a8
GetCurrentThreadId	0x1800100b0
GetSystemTimeAsFileTime	0x1800100b8
InitializeSListHead	0x1800100c0
RtlCaptureContext	0x1800100c8
RtlLookupFunctionEntry	0x1800100d0
RtlVirtualUnwind	0x1800100d8
IsDebuggerPresent	0x1800100e0
UnhandledExceptionFilter	0x1800100e8
SetUnhandledExceptionFilter	0x1800100f0
GetStartupInfoW	0x1800100f8
IsProcessorFeaturePresent	0x180010100
GetModuleHandleW	0x180010108
RtlUnwindEx	0x180010110
InterlockedFlushSList	0x180010118
SetLastError	0x180010120
DeleteCriticalSection	0x180010128
InitializeCriticalSectionAndSpinCount	0x180010130
TlsAlloc	0x180010138
TlsGetValue	0x180010140
TlsSetValue	0x180010148
TlsFree	0x180010150
FreeLibrary	0x180010158
GetProcAddress	0x180010160
LoadLibraryExW	0x180010168
GetCurrentProcess	0x180010170
ExitProcess	0x180010178
TerminateProcess	0x180010180
GetModuleHandleExW	0x180010188
GetModuleFileNameA	0x180010190
MultiByteToWideChar	0x180010198
WideCharToMultiByte	0x1800101a0
HeapFree	0x1800101a8
HeapAlloc	0x1800101b0
LCMapStringW	0x1800101b8
FindFirstFileExA	0x1800101c0
IsValidCodePage	0x1800101c8
GetACP	0x1800101d0
GetOEMCP	0x1800101d8
GetCPInfo	0x1800101e0
GetCommandLineA	0x1800101e8
GetCommandLineW	0x1800101f0
GetEnvironmentStringsW	0x1800101f8
FreeEnvironmentStringsW	0x180010200
GetProcessHeap	0x180010208
GetFileType	0x180010210
GetStringTypeW	0x180010218
HeapReAlloc	0x180010220
HeapSize	0x180010228
SetStdHandle	0x180010230
RaiseException	0x180010238
WriteFile	0x180010240
FlushFileBuffers	0x180010248
GetConsoleCP	0x180010250
GetConsoleMode	0x180010258
SetFilePointerEx	0x180010260
WriteConsoleW	0x180010268
CreateFileW	0x180010270

PE Exports 1 suspicious

Function	Address
DllRegisterServer	0x18000f244

Name	Latest seen	MD5
oyylqpp3ia.dll	2023-09-14 10:52:03	45f4c6ea59bc7a8c2d20098698104940
jyi6mm2w2g.dll	2023-09-14 10:54:03	7d2156efddf126dfb4c466da06f15e11
6sev8udq1h.dll	2023-09-14 10:55:02	3a96a42f6d6334a36d2ea26abb0a2c95
hk1c9y18em.dll	2023-09-14 10:57:03	a6ac1a8bb63362ed7515f2ca02fb52be

i9ien8gksg.dll

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 3

Anti debug functions 6

Anti debug functions 1

Strings analysis - File found

Import functions

PE Exports 1 suspicious

Related files by ImpHash 4 660e4ba65070c42e55f04efddf5f7d78