client64.dll

First submission 2022-08-04 11:18:03

File details

File type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
File size: 3872.5 KB (3965440 bytes)
Compile time: 2022-07-04 13:27:36
MD5: 5d5ffeea881157599bfb2c151ced9821
SHA1: 87878f89e58c8bf2c3d4dcccec5f20d181737cac
SHA256: da653c075ddd322d4cf1e285a47cb91ddb0b6de06dfbc252eec57ea9bb50cb48
Import Hash: 226f212fbd387a85e62b6b9643a59251
Sections 11 .text .data .rdata .pdata .xdata .bss .edata .idata .CRT .tls .reloc
Directories 4 import export tls relocation
Virus Total: 5/69 VT report date: 2022-08-04 07:12:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.149.176.134:8000/client64.dll 193.149.176.134 2022-08-04 11:18:03

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e4010 1982976 778ef8e6059319e0c4b40f1c6f357dd647c52422 947548942a663195b13092731cf81408
.data 0x1e6000 0x21660 137216 1d7fb5413ed1a9c7ed13a63742ddf94c68dc043e 8b9390b9041a0dde21d4eb6a2ac0fa14
.rdata 0x208000 0x1b9980 1808896 63366d543536dbe1b2c6a586af77e5df1b4a9dc2 25afa21565c45020dfc63ff6ff55914a
.pdata 0x3c2000 0x2ac 1024 2b18bbddf8cf87604552bdded492672f159cd932 bed30f5e9890e06e4f89ad786bef778b
.xdata 0x3c3000 0x204 1024 1f447138fa58c806f211f4fb82f2a8d0f12aafa4 7ff2e1b9c1787061d55f0ca8960f1329
.bss 0x3c4000 0x5fb04 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.edata 0x424000 0x67 512 31b63b47e6b52bcf4be3dea9688706c4a6431f8c 257bec42b85a1060c34a5d51f9f7e0df
.idata 0x425000 0xbec 3072 2cb1385b96278c37d87c8f414618ff1cd6950da6 27cdc39de2ca3349e12cbf461342970e
.CRT 0x426000 0x58 512 1c241433a6ecd379aea724aeb44eded9707a308a ff739faea8fd241d8314b75c6224cb4c
.tls 0x427000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x428000 0x6ee0 28672 9a14cf3d0195988b487c2f1de4cb3a29318ea769 df43e982db54d064e6428a4e9dd0e4e9

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Log
math.Log
Library
_32.dll
MSVCRT.dll
L32.DLL
i32.dll
type..eq.syscall.DLL
client64.dll
KERNEL32.dll
rof.dll
*windows.DLL
*syscall.DLL
type..eq.golang.org/x/sys/windows.DLL

Strings analysis - Possible IPs found 27

1.4.13.1
1.1.2.1
1.4.6.1
1.1.3.1
1.4.7.1
1.4.1.1
72.5.4.82
1.2.2.1
1.4.4.1
1.2.3.1
1.2.5.1
1.4.11.1
1.4.10.1
5.4.112.5
1.2.1.1
1.2.7.1
1.4.3.1
1.4.12.1
5.4.52.5
1.1.1.1
1.2.9.1
2.5.4.102
1.4.9.1
1.4.14.1
1.4.8.1
1.4.14.2
4.62.5.4

Import functions

PE Exports 2 suspicious

Function Address
StartClient 0x68b23320
_cgo_dummy_export 0x68d63af0