DigitalSide Threat Intel

client64.exe

First submission 2022-08-04 11:17:03

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
File type: 3851.0 KB (3943424 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 5d12d4f881b415a255d1a38fa1f4ad6b
SHA1: ada6a4d7fc8ba6602a634dda8e9d1d9579b8324f
SHA256: 87e3af6eb3bd9f6966c598106e3febb59a5a0d1fd94238aa465fb0c31729e3c3
Import Hash : 9cbefe68f395e67356e2a5d8d1b285c0
Sections 6 .text .rdata .data .idata .reloc .symtab
Directories 2 import relocation
Virus Total: 17/70 VT report date: 2022-08-04 06:03:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.149.176.134:8000/client64.exe VirusTotal Report 193.149.176.134 VirusTotal Report 2022-08-04 11:17:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e0dcf 1969664 564fcfc5fa8a0a95ec1af8497afbfe39ec5b3c3f 87f560c4cab1777a15c07dc3944913ca
.rdata 0x1e2000 0x1b8ad0 1805312 8f86e2a7906b1fe0818cb9aa3b45250220d49e3f a99281e9f48b9d3c6fa7869e5a517aec
.data 0x39b000 0x806e0 136704 db4f3bcec52bd03768a31f4761482383d7e3553a 09afd241acdaf502e27e7231bf4923ef
.idata 0x41c000 0x47c 1536 98e080b52fdfc681a907d944de264b1b382ae840 4c0f4e745fa3272efa18983131c1c295
.reloc 0x41d000 0x6dde 28160 ea52f41b1e26e1fb19afbaed9f05c521f9e8ca91 8dfc38bb26435cfe4c8c61ccaa04e3e3
.symtab 0x424000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

Strings analysis - File found

Log
math.Log
Library
_32.dll
L32.DLL
i32.dll
type..eq.syscall.DLL
rof.dll
KERNEL32.dll
*windows.DLL
*syscall.DLL
type..eq.golang.org/x/sys/windows.DLL

Strings analysis - Possible IPs found 27

1.4.13.1
1.1.2.1
1.4.6.1
1.1.3.1
1.4.7.1
1.4.1.1
72.5.4.82
1.2.2.1
1.4.4.1
1.2.3.1
1.2.5.1
1.4.11.1
1.4.10.1
5.4.112.5
1.2.1.1
1.2.7.1
1.4.3.1
1.4.12.1
5.4.52.5
1.1.1.1
1.2.9.1
2.5.4.102
1.4.9.1
1.4.14.1
1.4.8.1
1.4.14.2
4.62.5.4

Import functions

Function Address Souspicious Anti Debug
WriteFile 0x79b040
WriteConsoleW 0x79b048
WaitForMultipleObjects 0x79b050
WaitForSingleObject 0x79b058
VirtualQuery 0x79b060
VirtualFree 0x79b068
VirtualAlloc 0x79b070
SwitchToThread 0x79b078
SuspendThread 0x79b080
SetWaitableTimer 0x79b088
SetUnhandledExceptionFilter 0x79b090
SetProcessPriorityBoost 0x79b098
SetEvent 0x79b0a0
SetErrorMode 0x79b0a8
SetConsoleCtrlHandler 0x79b0b0
ResumeThread 0x79b0b8
PostQueuedCompletionStatus 0x79b0c0
LoadLibraryA 0x79b0c8
LoadLibraryW 0x79b0d0
SetThreadContext 0x79b0d8
GetThreadContext 0x79b0e0
GetSystemInfo 0x79b0e8
GetSystemDirectoryA 0x79b0f0
GetStdHandle 0x79b0f8
GetQueuedCompletionStatusEx 0x79b100
GetProcessAffinityMask 0x79b108
GetProcAddress 0x79b110
GetEnvironmentStringsW 0x79b118
GetConsoleMode 0x79b120
FreeEnvironmentStringsW 0x79b128
ExitProcess 0x79b130
DuplicateHandle 0x79b138
CreateWaitableTimerExW 0x79b140
CreateThread 0x79b148
CreateIoCompletionPort 0x79b150
CreateFileA 0x79b158
CreateEventA 0x79b160
CloseHandle 0x79b168
AddVectoredExceptionHandler 0x79b170

Related files by ImpHash 1 9cbefe68f395e67356e2a5d8d1b285c0

Name Latest seen MD5
client64svc.exe 2022-08-04 11:16:04 d1794f597f73f2586b5a55dd7ffc0838