x86

First submission 2024-10-13 00:59:14

File details

File type: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=13036c1784f2698165c295b9f9f0b94e2cd8a0a4, for GNU/Linux 2.6.32, stripped
Mime type: application/x-executable
File size: 37094.45 KB (37984716 bytes)
MD5: a924cf6d7dc370a73f3645d8cab26521
SHA1: b5733254e240e758accd857eeb3e4268c933b779
SHA256: 77e05b52f51cfc8ec31f0dc2e544dc21b94250f35a5a353fd5e4e271e75bc45d

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://194.87.232.36/x86 | 194.87.232.36 | 2024-10-13 00:59:14

Strings analysis - File found

Executable
lib%s.so
libv8-%d.%d.%d.%d%s%s.so
libv8-%d.%d.%d%s%s.so
Log
v8.log
f64.log
node_trace.${rotation}.log
Text
// https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Library
Error loading iphlpapi.dll

Strings analysis - Possible IPs found 7


Strings analysis - Possible URLs found 246
