client64.exe

First submission: 2022-08-04 11:17:03

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
File size: 3851.0 KB (3943424 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 5d12d4f881b415a255d1a38fa1f4ad6b
SHA1: ada6a4d7fc8ba6602a634dda8e9d1d9579b8324f
SHA256: 87e3af6eb3bd9f6966c598106e3febb59a5a0d1fd94238aa465fb0c31729e3c3
Import Hash: 9cbefe68f395e67356e2a5d8d1b285c0
Sections (6): .text, .rdata, .data, .idata, .reloc, .symtab
Directories (2): import, relocation
VirusTotal: 17/70 (VT report date: 2022-08-04 06:03:23)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL                                          Host (FQDN/IP)     Date Added
hXXp://193.149.176.134:8000/client64.exe     193.149.176.134    2022-08-04 11:17:03

PE Sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e0dcf 1969664 564fcfc5fa8a0a95ec1af8497afbfe39ec5b3c3f 87f560c4cab1777a15c07dc3944913ca
.rdata 0x1e2000 0x1b8ad0 1805312 8f86e2a7906b1fe0818cb9aa3b45250220d49e3f a99281e9f48b9d3c6fa7869e5a517aec
.data 0x39b000 0x806e0 136704 db4f3bcec52bd03768a31f4761482383d7e3553a 09afd241acdaf502e27e7231bf4923ef
.idata 0x41c000 0x47c 1536 98e080b52fdfc681a907d944de264b1b382ae840 4c0f4e745fa3272efa18983131c1c295
.reloc 0x41d000 0x6dde 28160 ea52f41b1e26e1fb19afbaed9f05c521f9e8ca91 8dfc38bb26435cfe4c8c61ccaa04e3e3
.symtab 0x424000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

Strings analysis - File found

Log
math.Log
Library
_32.dll
L32.DLL
i32.dll
type..eq.syscall.DLL
rof.dll
KERNEL32.dll
*windows.DLL
*syscall.DLL
type..eq.golang.org/x/sys/windows.DLL

Strings analysis - Possible IPs found (27)

1.4.13.1
1.1.2.1
1.4.6.1
1.1.3.1
1.4.7.1
1.4.1.1
72.5.4.82
1.2.2.1
1.4.4.1
1.2.3.1
1.2.5.1
1.4.11.1
1.4.10.1
5.4.112.5
1.2.1.1
1.2.7.1
1.4.3.1
1.4.12.1
5.4.52.5
1.1.1.1
1.2.9.1
2.5.4.102
1.4.9.1
1.4.14.1
1.4.8.1
1.4.14.2
4.62.5.4

Import functions

Name Latest seen MD5
client64svc.exe 2022-08-04 11:16:04 d1794f597f73f2586b5a55dd7ffc0838