client64svc.exe

First submission 2022-08-04 11:16:04

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
File size: 3891.0 KB (3984384 bytes)
Compile time: 1970-01-01 01:00:00 (a PE TimeDateStamp of 0 rendered in UTC+1; the Go linker writes a zero timestamp, which fits the .symtab section and the Go runtime symbols in the strings below, so the value carries no build-date information)
MD5: d1794f597f73f2586b5a55dd7ffc0838
SHA1: c99dcdad2edc32f5f5ac6cf5be9f2c82ab861ed2
SHA256: 709e93ce10a89fb1195616827db305ecd3d3e7bb986e54167917c864bddaa6b5
Import hash: 9cbefe68f395e67356e2a5d8d1b285c0
Sections (6): .text .rdata .data .idata .reloc .symtab
Data directories (2): import, relocation
VirusTotal: 15/70 (VT report date: 2022-08-04 06:42:08)

File features detected

Checks listed: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR (the per-check results are not carried in this text export)

URLs, FQDN and IP indicators (1)

URL: hXXp://193.149.176.134:8000/client64svc.exe
Host (FQDN/IP): 193.149.176.134
Date added: 2022-08-04 11:16:04

PE sections (6; 1 flagged suspicious)

Name VAddress VSize RawSize SHA1 MD5 Suspicious
.text 0x1000 0x1e4754 1984512 b21c2576c3be03603fbd9daa3d51783ea44ec196 02f726f5df2c7438926e6c2d5ca719e0
.rdata 0x1e6000 0x1beb40 1829888 18c0a00986ba813c96f28abef1f314440f967897 73d1249bfefc6aaa553c1027eddde678
.data 0x3a5000 0x80a60 137216 d670fe099b9cead4cf6333c70bd05b0e99720dda eb9f9140eab2e389af13165b323f6f11
.idata 0x426000 0x47c 1536 0554051d494eb4470204f0d5370a4233c48bca07 a72d468d37d29beb5a9b765072e56854
.reloc 0x427000 0x7078 29184 b403cf7774acc1c64eaf7ba979df59f4f72ce978 0e04875682f1a8d677e645d575c60eef
.symtab 0x42f000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

The per-row suspicious flag is not carried in this export. A .symtab section in a PE file is a Go linker artifact; its 4-byte virtual size padded to one 512-byte file-alignment unit shows it holds essentially no symbol data here, consistent with the zero compile time and the Go runtime strings below.

Strings analysis - File names found (12)

Log
math.Log
Library
_32.dll
L32.DLL
i32.dll
type..eq.syscall.DLL
KERNEL32.dll
rof.dll
*windows.DLL
*syscall.DLL
type..eq.golang.org/x/sys/windows.DLL

These are substring matches on file-name-like text, not files the sample is known to touch. type..eq.syscall.DLL, *syscall.DLL, *windows.DLL and type..eq.golang.org/x/sys/windows.DLL are Go type and method symbols for the DLL type of the syscall and golang.org/x/sys/windows packages, which is how a Go program resolves Windows API entry points at run time; math.Log is a Go function symbol; _32.dll, L32.DLL, i32.dll and rof.dll are truncated tails of longer library names. KERNEL32.dll is the only complete library name captured.

Strings analysis - Possible IPs found (27)

Treat this list as regex noise until proven otherwise. The only address corroborated by a network indicator on this page is 193.149.176.134, and it does not appear below. Entries such as 2.5.4.102, 5.4.112.5, 5.4.52.5, 72.5.4.82 and 4.62.5.4 are four-group windows cut from a longer dotted run: the Go linker stores string literals back to back without terminators, so the X.500 attribute OIDs that crypto/x509/pkix keeps as string map keys (2.5.4.10, 2.5.4.11, 2.5.4.7, 2.5.4.8, ...) merge into runs like 2.5.4.102.5.4.11, from which an IP regex extracts 2.5.4.102. The remaining 1.x.y.z entries have the same small-arc shape and should be checked against the surrounding bytes before being treated as addresses; 1.1.1.1 is a routable address (Cloudflare DNS) but here it sits in the same series as 1.1.2.1 and 1.1.3.1.

1.4.13.1
1.1.2.1
1.4.6.1
1.1.3.1
1.4.7.1
1.4.1.1
72.5.4.82
1.2.2.1
1.4.4.1
1.2.3.1
1.2.5.1
1.4.11.1
1.4.10.1
5.4.112.5
1.2.1.1
1.2.7.1
1.4.3.1
1.4.12.1
5.4.52.5
1.1.1.1
1.2.9.1
2.5.4.102
1.4.9.1
1.4.14.1
1.4.8.1
1.4.14.2
4.62.5.4
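The windowing described above, reproduced as an added example (written for this note; it is not code from the report's tooling or from the sample). The input is a constructed string list: the nine pkix attribute OIDs concatenated the way the Go linker lays out literals, plus the download URL from the report. The exact windows the report's scanner produced depend on its regex and on the literal order in the real binary, so they differ from the ones this sample yields, but the mechanism is the same. The names SAMPLE_STRINGS, naive_candidates, strict_candidates and triage are this example's own. strict_candidates is the filter a practitioner can apply instead: take each maximal dotted-numeric run whole, and keep it only if it has exactly four arcs, parses as IPv4 and is globally routable.

```python
"""IPv4 candidate triage for strings pulled from a Go-compiled PE.

Added example, not part of the original report. The sample input is
constructed: it mimics how the Go linker stores string literals back to back
with no terminator, so the X.500 attribute OIDs that crypto/x509/pkix keeps as
string map keys ("2.5.4.6", "2.5.4.10", ...) become one long dotted run. The
report's download URL is included as the one genuine network indicator.
"""
import ipaddress
import re

# Constructed sample strings (not bytes from the real file).
SAMPLE_STRINGS = [
    # nine pkix attribute OIDs, concatenated as the Go linker lays them out
    "2.5.4.6" + "2.5.4.10" + "2.5.4.11" + "2.5.4.3" + "2.5.4.5"
    + "2.5.4.7" + "2.5.4.8" + "2.5.4.9" + "2.5.4.17",
    "http://193.149.176.134:8000/client64svc.exe",  # URL from the report
    "golang.org/x/sys/windows.DLL",                  # Go type symbol, no digits
]

# The pattern most string scanners use: any four dotted 1-3 digit groups.
NAIVE_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

# A maximal dotted-numeric run: digits and dots not preceded or followed by
# another digit or dot, so a run is taken whole rather than windowed.
DOTTED_RUN = re.compile(r"(?<![\d.])\d+(?:\.\d+)+(?![\d.])")


def naive_candidates(strings):
    """Every non-overlapping four-group window a plain IP regex finds."""
    hits = []
    for s in strings:
        hits.extend(NAIVE_IPV4.findall(s))
    return hits


def strict_candidates(strings):
    """Maximal dotted runs that parse as a globally routable IPv4 address.

    A run with more than four arcs (the concatenated OID string table) is
    rejected as a whole instead of being sliced into fake addresses; runs with
    an octet above 255 or a non-global address (loopback, RFC 1918, ...) are
    dropped too.
    """
    keep = []
    for s in strings:
        for run in DOTTED_RUN.findall(s):
            if run.count(".") != 3:
                continue
            try:
                ip = ipaddress.IPv4Address(run)
            except ipaddress.AddressValueError:
                continue
            if ip.is_global:
                keep.append(str(ip))
    return keep


def triage(strings):
    """Return (naive hits, strict hits, hits the naive pass invented)."""
    naive = naive_candidates(strings)
    strict = strict_candidates(strings)
    noise = [h for h in naive if h not in strict]
    return naive, strict, noise


if __name__ == "__main__":
    naive, strict, noise = triage(SAMPLE_STRINGS)
    print("naive :", naive)
    print("strict:", strict)
    print("noise :", noise)
```

On the constructed sample the naive pass reports eight candidates, seven of them cut from the OID run, while the strict pass keeps only 193.149.176.134. The strict filter still cannot reject a lone four-arc OID such as 2.5.4.10 that happens to be null-separated in the binary, so anything it keeps that is not backed by a URL, a DNS name or a socket call in the sample still needs a look at the surrounding bytes.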

Import functions

No imported API names are listed in this export; the entry below is a file record (name, latest seen, MD5), apparently a related sample rather than an import.

Name Latest seen MD5
client64.exe 2022-08-04 11:17:03 5d12d4f881b415a255d1a38fa1f4ad6b