natgo.exe
First submission 2024-10-15 18:33:32
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 4640.3 KB (4751670 bytes) |
| Compile time: | 2024-09-05 08:38:07 |
| MD5: | 82461678b37aa9f863694a501dd70e5d |
| SHA1: | 828691a6599f40c0975e4b5c502cf5a4e390f786 |
| SHA256: | eba74f2d0682e47bdf60ef2ba1542db074b2546600c6ac6a42713ef5aad70fde |
| Sections 4 | .text��� .rdata�� .data��� .rsrc��� |
| Directories 3 | import resource security |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://dl.natgo.cn:888/natgo.exe  |
dl.natgo.cn |
2024-10-15 18:33:32 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x18173a | 1581056 | d04589272360ee2a036353d10b1b0d842669e797 | c771b8b1bcd5e8fd62c9c86e4ee6f4ad | |
| .rdata�� | 0x183000 | 0x64f002 | 6619136 | 10546f78586f7355e4bc8203b8f98967f51f96fa | c341d6f1eb952dd32f683183e397a59e | |
| .data��� | 0x7d3000 | 0x65aca | 114688 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rsrc��� | 0x839000 | 0x488ec | 299008 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
Packers detected 3
| Microsoft Visual C++ v6.0 |
| Microsoft Visual C++ 5.0 |
| Microsoft Visual C++ |
Anti debug functions 1
| VMCheck.dll |
File signature
| MD5 | SHA1 | Block size | Virtual Address |
|---|---|---|---|
| d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | 11592 | 8617984 |
Strings analysis - File found
| Library |
| dbghelp.dll |
| VERSION.dll |
| COMCTL32.dll |
| GDI32.dll |
| ADVAPI32.dll |
| /HPSocket4C.dll |
| WININET.dll |
| SHLWAPI.dll |
| MPR.dll |
| USER32.dll |
| SHELL32.dll |
| OLEAUT32.dll |
| WS2_32.dll |
| ntdll.dll |
| HPSocket4C.dll |
| MSVCRT.dll |
| KernelBase.dll |
| ole32.dll |
| AVIFIL32.dll |
| KERNEL32.dll |
| MSVFW32.dll |
| d3d11.dll |
| d2d1.dll |
| WINMM.dll |
| IPHLPAPI.DLL |
| winbrand.dll |
| libeay32.dll |
| COMDLG32.dll |
| Crypt32.dll |
Strings analysis - Possible IPs found 3
| 192.168.0.129 |
| 255.255.255.255 |
| 127.0.0.1 |
Strings analysis - Possible URLs found 27
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
| http:// |
| http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| http://ns.adobe.com/tiff/1.0/ |
| http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| http://purl.org/dc/elements/1.1/ |
| http://ns.adobe.com/photoshop/1.0/ |
| http://ns.adobe.com/xap/1.0/mm/ |
| http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| http://ns.adobe.com/exif/1.0/ |
| http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
| http://ocsp.digicert.com0C |
| https://sectigo.com/CPS0 |
| http://ocsp.digicert.com0A |
| http://dl.natgo.cn:888/natgo.exe |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# |
| http://www.w3.org/1999/02/22-rdf-syntax-ns# |
| http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 |
| http://ocsp.sectigo.com00 |
| http://ns.adobe.com/xap/1.0/ |
| http://ocsp.digicert.com0X |
| http://ocsp.sectigo.com0 |
| http://ns.adobe.com/xap/1.0/sType/ResourceRef# |
| http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| http://ns.adobe.com/xap/1.0/sType/ResourceEvent# |
| http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |