Dtrade_v1.3.6.exe
First submission 2024-08-26 20:02:03
Last submission 2024-09-01 22:09:06
File details

Field | Value
---|---
File type | PE32+ executable (GUI) x86-64, for MS Windows
Mime type | application/x-dosexec
File size | 16769.48 KB (17171948 bytes)
Compile time | 1970-01-01 01:00:00
MD5 | 1f6c6f36d126cd027ded1915e321c693
SHA1 | 41645700d79852f1d2bac3ca637e8b07245574de
SHA256 | cc3557f4fdaad9aa47bf46dce4f0a8e0a45d7e81084962a54b67b4f55f8bf64c
Import Hash | c2d457ad8ac36fc9f18d45bffcd450c2
Sections (16) | .text .rdata .data .pdata .xdata /4 /19 /32 /46 /65 /78 /90 .idata .reloc .symtab .rsrc
Directories (3) | import resource relocation
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: 12/79 (VT report date: 2024-08-24 15:47:00)
Malware Type (1): trojan
URLs, FQDN and IP indicators 1
PE Sections 5 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x45dbae | 4578304 | 4959ff863091ab0fad64b8231fb8db57dbb0ba5a | da8dd23b98f36bdb67f63ab44e79413b | |
.rdata | 0x45f000 | 0x831e90 | 8593408 | b942232b86784e66eff1e9b4212a77b445706b00 | 3448e6b8ac0da2bcc1de623d7fcdb928 | |
.data | 0xc91000 | 0xe5710 | 326144 | 8ca28451a094d1a41b64648191bf490ba6bb6e36 | 027968f17871b2c329c6f0629ee69aa7 | |
.pdata | 0xd77000 | 0x13854 | 80384 | 08b849f4516c701f0705ce1dcd2b27d8e58ee78a | ab6066eb749f36120867b292756ab8cc | |
.xdata | 0xd8b000 | 0xb4 | 512 | 97d2eb64fe66c277f669bccedafa77624c5578b4 | e5d2a6155a92aa710641cfb0e80b3a8d | |
/4 | 0xd8c000 | 0x129 | 512 | 65d9dc4d3d6c051bd184fe655ee41925f867957c | 17f62672c8506464ae13eccc2eb6cb94 | |
/19 | 0xd8d000 | 0x9a59e | 632320 | 468e427b8d7ea10f83490c1d48d3a278071d39ee | 052f8fcfc54962da13682f7aa02152e9 | |
/32 | 0xe28000 | 0x1f1fd | 127488 | 07a3539709fc0247c8cf740e9e65900a0cd11e37 | e60765e20d98c27a48e4f496820a7cab | |
/46 | 0xe48000 | 0x62 | 512 | 022947da877a6c73b7eebf874ed8ea6c6a5efdf6 | 3c09828e7fd05befad9d2b75a4abed57 | |
/65 | 0xe49000 | 0x11923e | 1152000 | 86694df97a41d914b8ddfdedd3bb3b7ce7ad1b1e | 06744f8240b03aa25f997f1398836101 | |
/78 | 0xf63000 | 0xbce75 | 774144 | b344f9dd514f7b2f46edf1595f17a9dfdd89cfdf | aa8009d756d71c512f33aeb247689955 | |
/90 | 0x1020000 | 0x3791a | 227840 | 6ad8b5af3d20b40a9efcfa55cb8c2fb7ef96afed | 1cffd1c7802afa31ec8e676526f6b468 | |
.idata | 0x1058000 | 0x554 | 1536 | 141eec217195a5cec4728a6dc79f43249f80c51f | 61c03fec1c80056a472a927dd673c682 | |
.reloc | 0x1059000 | 0x136d2 | 79872 | ca016e64a6c8a66b6a7cce5d4da088f8489a217b | 32451172184b5c936a021b69202ef111 | |
.symtab | 0x106d000 | 0x8d0f2 | 578048 | ea938d2e55865049c384c1cf4b69a3020d042097 | 1e3a53269d94c07848284fbb35ac50fd | |
.rsrc | 0x10fb000 | 0x2c84 | 11756 | c1ca3b3301f0539f4033af18431571bf7008b977 | 49903ea4678764b64074f1083551242b | |
PE Resources 2
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x10fc6c4 | 5528 | |
RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x10fdc70 | 20 | |
Strings analysis - File found
Executable:
    unicode.So
Log:
    github.com/aws/aws-sdk-go/aws.(*defaultLogger).Log
    math.Log
    github.com/aws/aws-sdk-go/aws.defaultLogger.Log
Library:
    WS2_32.dll
    WINMM.dll
    ntdll.dll
    bcryptprimitives.dll
    Powrprof.dll
    *syscall.DLL
    *windows.DLL
    type:.eq.syscall.DLL
    KERNEL32.dll
    type:.eq.golang.org/x/sys/windows.DLL
Strings analysis - Possible IPs found 14
Strings analysis - Possible URLs found 7
Import functions
Name | Latest seen | MD5 |
---|---|---|
patch1.exe | 2024-05-30 18:24:05 | 06dea1ccb91e00ff46123ea0fe9f7446 |
hello.exe | 2024-06-08 15:54:03 | 44d806942d0bbc5f4302867243b66a18 |
sc.exe | 2024-06-15 18:49:16 | 1c7ce77089b1bc88099485ff0c30a928 |
huor.exe | 2024-07-10 15:41:16 | 5e808b04b297038cd01c378fb1beb6ee |
Shelzy.exe | 2024-08-27 07:15:02 | ba890934a4b54976d58c9b92b652bc16 |
svcshost.exe | 2024-08-27 07:16:03 | 45fb6e45804331506a8855a65ed14844 |
66d17d49c93d8_main.exe | 2024-08-30 10:29:02 | 01a3155b62c88c17d864f9fd78745902 |