amd64.exe

First submission 2024-10-11 11:11:13

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 5780.53 KB (5919264 bytes)
Compile time: 1970-01-01 01:00:00 (the PE TimeDateStamp is zero, shown here in UTC+1; the build time was blanked and this is not the real compile date)
MD5: 35b5a66be6e3bcfbf109f19ceac7cbb1
SHA1: d7ec588d36eaa1b81b2c069c07105891a30dfd17
SHA256: 3a68cd7db885a8b3c3124386739fb31a6bf459bfa53cd0e63bf1e1bcf706496c
Import hash (imphash): c2d457ad8ac36fc9f18d45bffcd450c2
Sections: 8 (.text, .rdata, .data, .pdata, .xdata, .idata, .reloc, .symtab)
Data directories: 2 (import, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

These are the scanner's check names; the per-check result did not survive in this copy. Read them against the file details above: the file type is a PE32+ executable (GUI), not a DLL, so the list is not six positive detections.

OSINT Enrichments

VirusTotal: 28/77 detections (report date 2024-10-11 06:44:57)
Malware type (1): trojan
Threat type (1): cerbu

URLs, FQDN and IP indicators (1)

URL                                Host (FQDN/IP)   Date added
hXXp://122.51.105.218/amd64.exe    122.51.105.218   2024-10-11 11:11:13

PE sections (8; the scanner flags 1 as suspicious, but the per-row flag is not present in this copy)

Name     VAddress  VSize     Size     SHA1                                      MD5
.text    0x1000    0x2571ce  2454016  bde5bac3c46e1ca3477d309cffb3b022561d7974  84e0277ed2adc1b0df0e7fabaae477a1
.rdata   0x259000  0x2fedb0  3141120  dd8315479141362b3e4b0c3f9a46a29914903dd5  157c927c2c61017a6ca697bf9be38f5d
.data    0x558000  0xc2f60   218624   d10b715b1f6b700f9bf70c8c5eba781baaaf6d1d  1cc79fee237f029fab4eaceb04cef250
.pdata   0x61b000  0xde90    57344    363002146676aa44f1226f4f66481ccd8c845094  d38647bf681ccb2f46df3a50b537ae79
.xdata   0x629000  0xb4      512      3505d4239ff23996b84c425b1e6c7189447fbecb  2e6d8fe37c7015f0e1f121bd6f0aa308
.idata   0x62a000  0x554     1536     70438fb64f65299e0310e4ce3f06ae45817bb55f  81bb5e2037f4792401bdb0a9be189338
.reloc   0x62b000  0xab1a    44032    b073393345767c399038347ecfc024f4b5361e6e  b33bb7e47792197279199e6877bdf21d
.symtab  0x636000  0x4       512      943ae54f4818e52409fbbaf60ffd71318d966b0d  07b5472d347d42780469fb2654b7fc54

Size is the raw size on disk in bytes; VSize is the mapped size. The .data gap between the two (0xc2f60 mapped against 218624 on disk) is zero-initialised data and is normal.

Strings analysis - libraries found

WS2_32.dll
WINMM.dll
ntdll.dll
bcryptprimitives.dll
Powrprof.dll
KERNEL32.dll

Six imported DLLs for a 5.9 MB GUI executable, with bcryptprimitives.dll and Powrprof.dll beside WS2_32.dll and WINMM.dll, together with the zeroed timestamp and the 4-byte .symtab section above, is the usual profile of a statically linked Go binary. Such a binary reaches the Windows API through the runtime's own syscall wrappers rather than through this import table, so the import hash above says more about the toolchain than about the payload.

Strings analysis - possible IPs found (13)

4.1.2.2
5.4.112.5
1.1.2.1
4.1.2.1
1.1.3.1
5.4.32.5
2.5.4.102
1.1.1.1
127.0.0.1
2.5.4.62
72.5.4.82
8.8.8.8
4.52.5.4

Most of these are not addresses. 2.5.4.62, 2.5.4.102, 4.1.2.1, 4.1.2.2, 1.1.2.1 and the like are dotted-quad regex hits inside longer dotted strings, most likely object identifiers from an embedded certificate/TLS stack (2.5.4.x is the X.500 attribute-type arc), and 72.5.4.82 and 4.52.5.4 are the same kind of fragment cut at an arbitrary digit. Only 127.0.0.1 and 8.8.8.8 are well-formed addresses, and both are common in benign code. None of the thirteen is a usable network indicator; the hosting address in the URL table above is.

Strings analysis - possible URLs found (1)

http://chunkedCreatedIM

This is not a URL. Go stores string literals back to back without terminators, so a strings pass glued the "http://" prefix to the neighbouring literals "chunked", "Created" and "IM". It has no host and is not an indicator.
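Both string-carving lists above suffer from the same problem: a regex run over a packed string table. The following added example (not the report's code) shows the naive dotted-quad regex producing OID fragments next to a stricter extractor, an ipaddress-based classification, and a URL check that rejects hosts without a dot. BLOB is a constructed byte string imitating a Go string table; the OIDs and the example.invalid URL are made up, while 127.0.0.1, 8.8.8.8 and 122.51.105.218 are taken from this report.

```python
"""Triage dotted quads and URLs carved from a binary's string table.

Added example, not from the report or its scanner. BLOB is constructed to
imitate a Go binary: string literals abut with no NUL terminators, and dotted
OIDs from an embedded X.509 stack sit next to genuine addresses, which is how
"IPs" like 2.5.4.62 and "URLs" like http://chunkedCreatedIM end up in a report.
"""
import ipaddress
import re

BLOB = (
    b"http://" b"chunked" b"Created" b"IM" b"\x00"           # glued literals
    b"2.5.4.6" b"2.5.4.10" b"1.2.840.113549.1.1.11" b"\x00"  # X.500 / PKCS OIDs, glued
    b"127.0.0.1\x00" b"8.8.8.8:53\x00"                       # addresses from the report
    b"https://example.invalid/api/v1\x00"                    # plausible URL (constructed)
    b"122.51.105.218/amd64.exe\x00"                          # report's host + path, no scheme
)

# A bare dotted-quad regex, the kind that produced the 13 "possible IPs" above.
NAIVE_DOTTED = re.compile(rb"\d{1,3}(?:\.\d{1,3}){3}")
# Same quad, but it must not sit inside a longer dotted run (an OID).
STRICT_DOTTED = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
URL = re.compile(rb"https?://([A-Za-z0-9.-]+)(?::\d+)?(?:/[^\s\x00\"'<>]*)?")

# Resolvers baked into many legitimate tools; present in a binary, they prove little.
KNOWN_PUBLIC = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}


def naive_ips(blob):
    """What a plain dotted-quad regex reports: OID fragments included."""
    return sorted({m.decode() for m in NAIVE_DOTTED.findall(blob)})


def candidate_ips(blob):
    """Quads bounded by non-dotted context, with every octet <= 255."""
    out = set()
    for m in STRICT_DOTTED.findall(blob):
        s = m.decode()
        try:
            ipaddress.IPv4Address(s)  # rejects octets above 255
        except ValueError:
            continue
        out.add(s)
    return sorted(out, key=lambda s: tuple(int(o) for o in s.split(".")))


def classify_ip(s):
    """Rank a well-formed address by how much it is worth as an indicator."""
    ip = ipaddress.IPv4Address(s)
    if ip.is_loopback or ip.is_private or ip.is_reserved or ip.is_multicast or ip.is_link_local:
        return "not routable: ignore"
    if s in KNOWN_PUBLIC:
        return "well-known public resolver: weak indicator"
    return "public address: candidate indicator"


def candidate_urls(blob):
    """Extract scheme://host URLs and reject hosts that cannot be a name or address."""
    results = []
    for m in URL.finditer(blob):
        url, host = m.group(0).decode(), m.group(1).decode()
        verdict = "well-formed: review" if "." in host else "glued string-table fragment: discard"
        results.append((url, verdict))
    return results


if __name__ == "__main__":
    print("naive :", naive_ips(BLOB))
    for ip in candidate_ips(BLOB):
        print("strict:", ip, "->", classify_ip(ip))
    for url, verdict in candidate_urls(BLOB):
        print("url   :", url, "->", verdict)
```

Run against the output of a strings pass over a real sample, the strict extractor still needs a human look at what survives; it removes the OID noise, not the judgement.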

Related samples

Name                     Latest seen          MD5
patch1.exe               2024-05-30 18:24:05  06dea1ccb91e00ff46123ea0fe9f7446
hello.exe                2024-06-08 15:54:03  44d806942d0bbc5f4302867243b66a18
sc.exe                   2024-06-15 18:49:16  1c7ce77089b1bc88099485ff0c30a928
huor.exe                 2024-07-10 15:41:16  5e808b04b297038cd01c378fb1beb6ee
Dtrade_v1.3.6.exe        2024-09-01 22:09:06  1f6c6f36d126cd027ded1915e321c693
Shelzy.exe               2024-08-27 07:15:02  ba890934a4b54976d58c9b92b652bc16
svcshost.exe             2024-08-27 07:16:03  45fb6e45804331506a8855a65ed14844
66d17d49c93d8_main.exe   2024-10-07 21:21:04  01a3155b62c88c17d864f9fd78745902