tdrp.exe

First submission 2024-10-17 01:53:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	74.5 KB (76288 bytes)
Compile time:	2024-10-15 15:15:49
MD5:	ff2df00e788749ba0f2ca8c29a35030c
SHA1:	9638e9861cdd6a8b5e4aad28739ebd62ab12b6a1
SHA256:	8c8ef3881ab44057b4972c9112f73e334c664dace19295c5755f5a38ea6191d7
Import Hash :	4cb3381251b5ea793cf2758c80a4b865
Sections 5	.text .rdata .data .rsrc .reloc
Directories 3	import resource relocation

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

Virus Total:	52/77 VT report date: 2024-10-17 01:21:11
Malware Type 3	trojan downloader banker
Threat Type 3	lazy clipbanker cliptoshuffler

URL	Host (FQDN/IP)	Date Added
hXXp://185.215.113.66/tdrp.exe	185.215.113.66	2024-10-17 01:53:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xce4	3584	93ef2e9ecbf13b0000d75bccda37e449629db927	8a2c1ebaafb304912d7dc21edfcd9608
.rdata	0x2000	0x74e	2048	0dc6c91faa9beea4b938423b2ef31b904ed17c85	18eed5a40e3e4bf4f1be28f1da84eb51
.data	0x3000	0x10aec	67584	67142a9c57547fb42aa97516d9eb89987ce3396f	1aff5ad547c4c730fc85ab2115a11e33
.rsrc	0x14000	0x2b0	1024	79c7f9e3039c23759c1a6aa09f908c96b0d62a2b	d3c0a200e37454c5b637d8ffc8bf7fdf
.reloc	0x15000	0x2a8	1024	1745f1d34cb99f25f2237910190561e109a7c511	8d1b8a83be87cee29c8ad42631b1ef94

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x14058	598	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> </dependentAssembly> </dependency> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x14058

598

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

KERNEL32.dll 17 USER32.dll 1 MSVCR90.dll 31

Function	Address	Souspicious	Anti Debug
UnhandledExceptionFilter	0x402000
GetCurrentProcess	0x402004
TerminateProcess	0x402008
GetSystemTimeAsFileTime	0x40200c
GetCurrentProcessId	0x402010
GetCurrentThreadId	0x402014
QueryPerformanceCounter	0x402018
SetUnhandledExceptionFilter	0x40201c
GetStartupInfoA	0x402020
InterlockedCompareExchange	0x402024
InterlockedExchange	0x402028
Sleep	0x40202c
LoadLibraryA	0x402030
GetProcAddress	0x402034
GetTickCount	0x402038
FreeLibrary	0x40203c
IsDebuggerPresent	0x402040

Function	Address	Souspicious	Anti Debug
wsprintfW	0x4020c8

Function	Address	Souspicious	Anti Debug
__p__fmode	0x402048
_encode_pointer	0x40204c
__set_app_type	0x402050
?terminate@@YAXXZ	0x402054
_unlock	0x402058
__p__commode	0x40205c
_lock	0x402060
_onexit	0x402064
_decode_pointer	0x402068
_except_handler4_common	0x40206c
_invoke_watson	0x402070
_controlfp_s	0x402074
_crt_debugger_hook	0x402078
_adjust_fdiv	0x40207c
__setusermatherr	0x402080
_configthreadlocale	0x402084
_initterm_e	0x402088
_initterm	0x40208c
_acmdln	0x402090
exit	0x402094
_ismbblead	0x402098
_XcptFilter	0x40209c
_exit	0x4020a0
_cexit	0x4020a4
__getmainargs	0x4020a8
_amsg_exit	0x4020ac
srand	0x4020b0
rand	0x4020b4
mbstowcs	0x4020b8
__dllonexit	0x4020bc
strlen	0x4020c0