tdrp.exe

First submission 2024-10-12 08:02:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	86.0 KB (88064 bytes)
Compile time:	2024-10-09 19:40:49
MD5:	21b61b3680c5e66f9f7b1f3026327757
SHA1:	fad18744873c0f49daab677b53cea59f808c8097
SHA256:	8de13f64aab532c0bbd3d38cc821ba6fa67ccfadde9cffd14944cc9d85830f4a
Import Hash :	45a55f64fd35b86e579e491145bcda68
Sections 5	.text .rdata .data .rsrc .reloc
Directories 3	import resource relocation

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

Virus Total:	50/77 VT report date: 2024-10-11 16:47:25
Malware Type 3	trojan downloader banker
Threat Type 3	cliptoshuffler lazy phorpiex

URL	Host (FQDN/IP)	Date Added
hXXp://twizt.net/tdrp.exe	twizt.net	2024-10-12 08:02:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xcc4	3584	44874ba5a21f5c66e2a7b3cee4e796d7c1cc5143	4ed1d5456c0f8cfd3cc420222d608790
.rdata	0x2000	0x730	2048	608ed925d7b945d4265739fd4ec7aa5d0a8b08f5	5da0b1b3ed58758731ad288dffb64cfa
.data	0x3000	0x138bc	79360	8e9924ac106fb24fea5bf593858fa87474bcdf19	b1cd435eb09ff7f76fc9df12b1c349f1
.rsrc	0x17000	0x2b0	1024	1a59e0807c8b3185645e70b7543bd6b70c5ae12f	2e93193bb597dc97157b7420079408b5
.reloc	0x18000	0x2b0	1024	4c5abfd996dd1fe905c62ba618ea79ce18d4035c	44e22485e85c9148fec63fce1e708d7e

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x17058	598	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> </dependentAssembly> </dependency> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x17058

598

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

KERNEL32.dll 17 USER32.dll 1 MSVCR90.dll 30

Function	Address	Souspicious	Anti Debug
UnhandledExceptionFilter	0x402000
GetCurrentProcess	0x402004
TerminateProcess	0x402008
GetSystemTimeAsFileTime	0x40200c
GetCurrentProcessId	0x402010
GetCurrentThreadId	0x402014
QueryPerformanceCounter	0x402018
SetUnhandledExceptionFilter	0x40201c
GetStartupInfoA	0x402020
InterlockedCompareExchange	0x402024
InterlockedExchange	0x402028
Sleep	0x40202c
LoadLibraryA	0x402030
GetProcAddress	0x402034
GetTickCount	0x402038
FreeLibrary	0x40203c
IsDebuggerPresent	0x402040

Function	Address	Souspicious	Anti Debug
wsprintfW	0x4020c4

Function	Address	Souspicious	Anti Debug
_encode_pointer	0x402048
__set_app_type	0x40204c
?terminate@@YAXXZ	0x402050
_unlock	0x402054
__dllonexit	0x402058
__p__fmode	0x40205c
_onexit	0x402060
_decode_pointer	0x402064
_except_handler4_common	0x402068
_invoke_watson	0x40206c
_controlfp_s	0x402070
_crt_debugger_hook	0x402074
__p__commode	0x402078
_adjust_fdiv	0x40207c
__setusermatherr	0x402080
_configthreadlocale	0x402084
_initterm_e	0x402088
_initterm	0x40208c
_acmdln	0x402090
exit	0x402094
_ismbblead	0x402098
_XcptFilter	0x40209c
_exit	0x4020a0
_cexit	0x4020a4
__getmainargs	0x4020a8
_amsg_exit	0x4020ac
srand	0x4020b0
rand	0x4020b4
_lock	0x4020b8
mbstowcs	0x4020bc