b.dll

First submission 2022-08-03 10:14:02

File details

File type: PE32+ executable (DLL) (console) x86-64, for MS Windows
File size: 171.9 KB (176024 bytes)
Compile time: 2022-07-27 11:45:41
MD5: fdc1bdf5fd4fcacf23ecf24ee507e03e
SHA1: 02deffcc2b930d5c49a6d26e4e713f210248e1de
SHA256: e15f166220a800acfdf7a8df1c7a1bf441d4326347905a2e595ea988f0bd6c91
Sections 6 .text .rdata .data pht cdr .rsrc
Directories 3 export resource security
VirusTotal: 30/69 VT report date: 2022-08-03 07:38:20

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://146.70.24.168/ln/b.dll 146.70.24.168 2022-08-03 10:14:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x8c40 36352 450538760edfd41457f6bb34dcbd5ae67589ea33 0b9855e98bc64536d1073731057bbb43
.rdata 0xa000 0xd2 512 7354e6fa23200dd9b7c81e298c914ac4d6e2f232 66d436701b519b33b9c7a836dfcaccdc
.data 0xb000 0x13a 512 201fac14b255fa7359f6a48f460eeb292d1ee365 cb2c5fa719c227f8df3aac4458797ef8
pht 0xc000 0x836a 33792 bc817c4f1210f941018aed013043e6e2a3b0a7ae 12862d6540ed3cfa48dafaedeb2e4db8
cdr 0x15000 0x17d5f 97792 a3a97716758ebfed553c2183ccce5fa1c30f9d75 837c0a4cbd1db6f2ea49d607d6d9d41c
.rsrc 0x2d000 0x1e0 512 a79727ed322841468732d800aeb56d70888017fd 2d9583cf3eaec364bc8e0e0ad5dadf74

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x2d060 381

Packers detected 1

Microsoft Visual C++ vx.x DLL

File signature (Authenticode block, PE security directory)

MD5 SHA1 Block size Virtual Address
b8fd916055c782dda66f2037a53e57cb a957764c9ca7d05c21af80abea6ccf5ebee3a32e 5528 170496

The "Virtual Address" of the security directory is a file offset, not an RVA. The block starts at 170496 and runs to 170496 + 5528 = 176024, which is exactly the file size, so the signature is the last thing in the file and there is no overlay after it. The Sectigo and Comodo URLs listed under the strings analysis are CRL, OCSP, AIA and CPS pointers from the certificate chain embedded in this block.
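The section table and the signature-block check above are the kind of thing worth scripting for every dropped DLL. The following is an added example, not code from the page or from the tool that produced this report: a small PE32+ parser that hashes each section's raw bytes, flags section names the MSVC toolchain does not normally emit (here "pht" and "cdr"), and checks whether the Authenticode block ends exactly at end-of-file. Because the sample itself is not available offline, the script builds its own constructed toy DLL (build_sample_pe) to run against; every byte of that input is an assumption, and only the header layout follows the PE specification.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names the MSVC toolchain normally emits; anything else deserves a look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".tls", ".bss", ".gfids", ".00cfg"}
IMAGE_FILE_DLL = 0x2000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode block; its "address" is a file offset
PE32PLUS_MAGIC = 0x20B


def parse_pe(data):
    """Walk the PE32+ headers, hash every section's raw bytes, read the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ is handled here")
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]          # NumberOfRvaAndSizes (PE32+ offset)
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)]
    sec_off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]                           # raw (file-aligned) bytes, as the report hashes them
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "size": rawsize, "raw_offset": rawptr,
                         "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest()})
    return {"machine": machine,
            "is_dll": bool(characteristics & IMAGE_FILE_DLL),
            "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "sections": sections,
            "security": {"offset": sec_off, "size": sec_size},
            "file_size": len(data)}


def nonstandard_sections(info):
    """Section names outside the usual MSVC set, e.g. the report's 'pht' and 'cdr'."""
    return [s["name"] for s in info["sections"] if s["name"] not in STANDARD_SECTIONS]


def signature_block_at_eof(info):
    """True when the Authenticode block is the last thing in the file, i.e. no overlay follows it."""
    sec = info["security"]
    return sec["size"] > 0 and sec["offset"] + sec["size"] == info["file_size"]


def build_sample_pe(section_blobs, cert_blob, timestamp=1658922341):
    """Constructed toy PE32+ DLL for this demo; not the b.dll from the report."""
    FILE_ALIGN, SECT_ALIGN, opt_size = 0x200, 0x1000, 240
    nsec = len(section_blobs)
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * nsec) // FILE_ALIGN) * FILE_ALIGN
    sec_hdrs, body, rawptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, blob in section_blobs:
        rawsize = -(-len(blob) // FILE_ALIGN) * FILE_ALIGN
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), len(blob), vaddr, rawsize, rawptr,
                                0, 0, 0, 0, 0x60000020)                # CODE | EXECUTE | READ
        body += blob.ljust(rawsize, b"\0")
        rawptr += rawsize
        vaddr += -(-max(len(blob), 1) // SECT_ALIGN) * SECT_ALIGN
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, timestamp, 0, 0, opt_size, 0x2022)  # x64; EXECUTABLE|LARGE_ADDRESS_AWARE|DLL
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, rawptr, len(cert_blob))
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec_hdrs).ljust(hdr_len, b"\0")
    return headers + body + cert_blob                                   # signature blob appended last, as in the report


if __name__ == "__main__":
    # Constructed stand-ins: a little code, two oddly named sections, a fake signature blob.
    sample = build_sample_pe([(".text", b"\x48\x83\xec\x28" * 64), ("pht", b"\x11" * 300), ("cdr", b"\x22" * 700)],
                             b"\x00" * 64)
    info = parse_pe(sample)
    print("DLL:", info["is_dll"], " compiled:", info["compile_time"])
    for s in info["sections"]:
        print(f'{s["name"]:8} {s["vaddr"]:#07x} {s["vsize"]:#07x} {s["size"]:6d} {s["sha1"]}')
    print("non-standard sections:", nonstandard_sections(info))
    print("signature block ends at EOF:", signature_block_at_eof(info))
```

Run it against a real file by replacing `sample` with `open(path, "rb").read()`. When signature_block_at_eof returns False for a signed file, either data was appended after the signature (an overlay, which Authenticode does not cover) or the directory entry is stale; both are worth a closer look before trusting the "Signed" flag.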

Strings analysis - File found

Library
b0RzwJ.dll (the only DLL name string present; it does not match the on-disk name b.dll)

Strings analysis - Possible URLs found 9

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://ocsp.comodoca.com0
https://sectigo.com/CPS0
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
http://jqueryui.com
http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

The trailing "0", "0#", "0y" and "04" are not part of the URLs: they are the DER tag and length bytes (0x30 ...) of the next element in the embedded certificate, which happen to be printable and so get picked up by the string scanner. Eight of the nine URLs come from the Sectigo/Comodo certificate chain; http://jqueryui.com is the only one not attributable to it.

PE Exports 8 suspicious

Seven of the eight exports have random-looking letter-string names; PluginInit, at the start of .text, is the only descriptive one.

Function Address
DmKIaCKCN 0x180008608
GHKXQqGM 0x180008d59
GHcVDuaOKrW 0x180007e3b
PluginInit 0x180001000
QPlGiLIp 0x1800081ed
UBYbqDM 0x1800089b4
fwadUKqHGn 0x1800091dc
hlrhoiLW 0x180007a03