Dtrade_v1.3.6.exe

First submission 2024-08-26 20:02:03 Last submission 2024-09-01 22:09:06

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 16769.48 KB (17171948 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 1f6c6f36d126cd027ded1915e321c693
SHA1: 41645700d79852f1d2bac3ca637e8b07245574de
SHA256: cc3557f4fdaad9aa47bf46dce4f0a8e0a45d7e81084962a54b67b4f55f8bf64c
Import Hash : c2d457ad8ac36fc9f18d45bffcd450c2
Sections 16 .text .rdata .data .pdata .xdata /4 /19 /32 /46 /65 /78 /90 .idata .reloc .symtab .rsrc
Directories 3 import resource relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 12/79 VT report date: 2024-08-24 15:47:00
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://www.newunioncredit.org/inc/Dtrade_v1.3.6.exe www.newunioncredit.org 2024-09-01 22:09:09

PE Sections 5 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x45dbae 4578304 4959ff863091ab0fad64b8231fb8db57dbb0ba5a da8dd23b98f36bdb67f63ab44e79413b
.rdata 0x45f000 0x831e90 8593408 b942232b86784e66eff1e9b4212a77b445706b00 3448e6b8ac0da2bcc1de623d7fcdb928
.data 0xc91000 0xe5710 326144 8ca28451a094d1a41b64648191bf490ba6bb6e36 027968f17871b2c329c6f0629ee69aa7
.pdata 0xd77000 0x13854 80384 08b849f4516c701f0705ce1dcd2b27d8e58ee78a ab6066eb749f36120867b292756ab8cc
.xdata 0xd8b000 0xb4 512 97d2eb64fe66c277f669bccedafa77624c5578b4 e5d2a6155a92aa710641cfb0e80b3a8d
/4 0xd8c000 0x129 512 65d9dc4d3d6c051bd184fe655ee41925f867957c 17f62672c8506464ae13eccc2eb6cb94
/19 0xd8d000 0x9a59e 632320 468e427b8d7ea10f83490c1d48d3a278071d39ee 052f8fcfc54962da13682f7aa02152e9
/32 0xe28000 0x1f1fd 127488 07a3539709fc0247c8cf740e9e65900a0cd11e37 e60765e20d98c27a48e4f496820a7cab
/46 0xe48000 0x62 512 022947da877a6c73b7eebf874ed8ea6c6a5efdf6 3c09828e7fd05befad9d2b75a4abed57
/65 0xe49000 0x11923e 1152000 86694df97a41d914b8ddfdedd3bb3b7ce7ad1b1e 06744f8240b03aa25f997f1398836101
/78 0xf63000 0xbce75 774144 b344f9dd514f7b2f46edf1595f17a9dfdd89cfdf aa8009d756d71c512f33aeb247689955
/90 0x1020000 0x3791a 227840 6ad8b5af3d20b40a9efcfa55cb8c2fb7ef96afed 1cffd1c7802afa31ec8e676526f6b468
.idata 0x1058000 0x554 1536 141eec217195a5cec4728a6dc79f43249f80c51f 61c03fec1c80056a472a927dd673c682
.reloc 0x1059000 0x136d2 79872 ca016e64a6c8a66b6a7cce5d4da088f8489a217b 32451172184b5c936a021b69202ef111
.symtab 0x106d000 0x8d0f2 578048 ea938d2e55865049c384c1cf4b69a3020d042097 1e3a53269d94c07848284fbb35ac50fd
.rsrc 0x10fb000 0x2c84 11756 c1ca3b3301f0539f4033af18431571bf7008b977 49903ea4678764b64074f1083551242b

PE Resources 2

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x10fc6c4 5528
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x10fdc70 20

Strings analysis - File found

Executable
unicode.So
Log
github.com/aws/aws-sdk-go/aws.(*defaultLogger).Log
math.Log
github.com/aws/aws-sdk-go/aws.defaultLogger.Log
Library
WS2_32.dll
WINMM.dll
ntdll.dll
bcryptprimitives.dll
Powrprof.dll
*syscall.DLL
*windows.DLL
type:.eq.syscall.DLL
KERNEL32.dll
type:.eq.golang.org/x/sys/windows.DLL

Strings analysis - Possible IPs found 14


Strings analysis - Possible URLs found 7

http://www.w3.org/XML/1998/namespacexml:
http://169.254.169.254/latestProcessProviderExecutionErrorfailed
http://
http://169.254.170.2InvalidIdentityTokenRequestLimitExceededinvalid
http://chunkedCreatedIM
http://s3.amazonaws.com/doc/2006-03-01/
https://s3.ap-southeast-1.wasabisys.comcipher:

Import functions

Name Latest seen MD5
patch1.exe 2024-05-30 18:24:05 06dea1ccb91e00ff46123ea0fe9f7446
hello.exe 2024-06-08 15:54:03 44d806942d0bbc5f4302867243b66a18
sc.exe 2024-06-15 18:49:16 1c7ce77089b1bc88099485ff0c30a928
huor.exe 2024-07-10 15:41:16 5e808b04b297038cd01c378fb1beb6ee
Shelzy.exe 2024-08-27 07:15:02 ba890934a4b54976d58c9b92b652bc16
svcshost.exe 2024-08-27 07:16:03 45fb6e45804331506a8855a65ed14844
66d17d49c93d8_main.exe 2024-08-30 10:29:02 01a3155b62c88c17d864f9fd78745902