DeafSold.exe

First submission 2024-02-10 23:22:03 Last submission 2024-02-11 07:19:03

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 871.84 KB (892764 bytes)
Compile time: 2016-02-10 21:17:02
MD5: 0db03266df49859c1f9c0ff26a5b8523
SHA1: bf3ea599d7c63f88d767f985599a81285a95cf5e
SHA256: 487aa8d7d2c3f85140a7dc9c8704329c6e42a296e6a89ec66a7e0de58d309ded
Import Hash: 2e838409987529c95afc2990bcd62f7c
Sections 4 .text .rdata .data .rsrc
Directories 3 import resource security
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://katanovna771.com/DeafSold.exe katanovna771.com 2024-02-11 07:19:04
hXXps://www.katanovna771.com/DeafSold.exe www.katanovna771.com 2024-02-10 23:22:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x22960 141824 3f9d04fbf78fd98bcfcdd9177812dc5997fd7d18 8297309ab03e594fc43a4c98bf9953a4
.rdata 0x24000 0x660c 26624 8b27a6e5f897171b4fb1c4887f9a2f5135913c56 cc1596f9f21a9ad1b3225540cad15f99
.data 0x2b000 0x65c4 5120 a804a104011ded5ec943109d224a8dfc17bcbff6 98e9f4ee598d32357ecefd6b7538c0cd
.rsrc 0x32000 0x441d 17920 5c6cace9656f59700107f933cea30017109bae0a cfd81aa709a2571251fbfa113d8a18d0

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x35920 1128
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x35d88 48
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x35db8 860
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x36114 777

Meta infos 8

LegalCopyright: Copyright © HoloDesign Dynamics 2023 All rights reserved.
SquirrelAwareVersion: 1
FileVersion: 0.16.0.082783
FileDescription: Immersive holographic design software for 3D modeling and visualization.
ProductVersion: 0.16.0.082783
CompanyName: HoloDesign Dynamics
Translation: 0x0000 0x04b0
ProductName: HoloCraft

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM tricks 1

Bochs & QEmu CPUID Trick

File signature

MD5 SHA1 Block size Virtual Address
6224f11abeed98076ea0b8600dc1938d bd037cbc068894986d90fdc69257f5993570cda4 19624 873140

Strings analysis - File found

Linker File
4.lnk
Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ekernel32.dll
ADVAPI32.dll
OLEAUT32.dll
SHELL32.dll
COMCTL32.dll
ole32.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 23


Import functions

Name Latest seen MD5
Myguest.exe 2024-02-09 19:21:01 d6fc4895775aafffbd52cb8e9e731824
FloydRouters.exe 2024-02-10 08:21:02 399445b6d3206ed89cba61889fc0ea28