DigitalSide Threat Intel

client64svc.exe

First submission 2022-08-04 11:16:04

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
File type: 3891.0 KB (3984384 bytes)
Compile time: 1970-01-01 01:00:00
MD5: d1794f597f73f2586b5a55dd7ffc0838
SHA1: c99dcdad2edc32f5f5ac6cf5be9f2c82ab861ed2
SHA256: 709e93ce10a89fb1195616827db305ecd3d3e7bb986e54167917c864bddaa6b5
Import Hash : 9cbefe68f395e67356e2a5d8d1b285c0
Sections 6 .text .rdata .data .idata .reloc .symtab
Directories 2 import relocation
Virus Total: 15/70 VT report date: 2022-08-04 06:42:08

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.149.176.134:8000/client64svc.exe VirusTotal Report 193.149.176.134 VirusTotal Report 2022-08-04 11:16:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e4754 1984512 b21c2576c3be03603fbd9daa3d51783ea44ec196 02f726f5df2c7438926e6c2d5ca719e0
.rdata 0x1e6000 0x1beb40 1829888 18c0a00986ba813c96f28abef1f314440f967897 73d1249bfefc6aaa553c1027eddde678
.data 0x3a5000 0x80a60 137216 d670fe099b9cead4cf6333c70bd05b0e99720dda eb9f9140eab2e389af13165b323f6f11
.idata 0x426000 0x47c 1536 0554051d494eb4470204f0d5370a4233c48bca07 a72d468d37d29beb5a9b765072e56854
.reloc 0x427000 0x7078 29184 b403cf7774acc1c64eaf7ba979df59f4f72ce978 0e04875682f1a8d677e645d575c60eef
.symtab 0x42f000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

Strings analysis - File found

Log
math.Log
Library
_32.dll
L32.DLL
i32.dll
type..eq.syscall.DLL
KERNEL32.dll
rof.dll
*windows.DLL
*syscall.DLL
type..eq.golang.org/x/sys/windows.DLL

Strings analysis - Possible IPs found 27

1.4.13.1
1.1.2.1
1.4.6.1
1.1.3.1
1.4.7.1
1.4.1.1
72.5.4.82
1.2.2.1
1.4.4.1
1.2.3.1
1.2.5.1
1.4.11.1
1.4.10.1
5.4.112.5
1.2.1.1
1.2.7.1
1.4.3.1
1.4.12.1
5.4.52.5
1.1.1.1
1.2.9.1
2.5.4.102
1.4.9.1
1.4.14.1
1.4.8.1
1.4.14.2
4.62.5.4

Import functions

Function Address Souspicious Anti Debug
WriteFile 0x7a5040
WriteConsoleW 0x7a5048
WaitForMultipleObjects 0x7a5050
WaitForSingleObject 0x7a5058
VirtualQuery 0x7a5060
VirtualFree 0x7a5068
VirtualAlloc 0x7a5070
SwitchToThread 0x7a5078
SuspendThread 0x7a5080
SetWaitableTimer 0x7a5088
SetUnhandledExceptionFilter 0x7a5090
SetProcessPriorityBoost 0x7a5098
SetEvent 0x7a50a0
SetErrorMode 0x7a50a8
SetConsoleCtrlHandler 0x7a50b0
ResumeThread 0x7a50b8
PostQueuedCompletionStatus 0x7a50c0
LoadLibraryA 0x7a50c8
LoadLibraryW 0x7a50d0
SetThreadContext 0x7a50d8
GetThreadContext 0x7a50e0
GetSystemInfo 0x7a50e8
GetSystemDirectoryA 0x7a50f0
GetStdHandle 0x7a50f8
GetQueuedCompletionStatusEx 0x7a5100
GetProcessAffinityMask 0x7a5108
GetProcAddress 0x7a5110
GetEnvironmentStringsW 0x7a5118
GetConsoleMode 0x7a5120
FreeEnvironmentStringsW 0x7a5128
ExitProcess 0x7a5130
DuplicateHandle 0x7a5138
CreateWaitableTimerExW 0x7a5140
CreateThread 0x7a5148
CreateIoCompletionPort 0x7a5150
CreateFileA 0x7a5158
CreateEventA 0x7a5160
CloseHandle 0x7a5168
AddVectoredExceptionHandler 0x7a5170

Related files by ImpHash 1 9cbefe68f395e67356e2a5d8d1b285c0

Name Latest seen MD5
client64.exe 2022-08-04 11:17:03 5d12d4f881b415a255d1a38fa1f4ad6b