FloydRouters.exe

First submission 2024-02-10 08:21:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 6049.14 KB (6194321 bytes)
Compile time: 2018-02-09 15:02:36
MD5: 399445b6d3206ed89cba61889fc0ea28
SHA1: f9ca1d168a7cceda30f645f4aa819ba86b06dc56
SHA256: 78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad
Import Hash : 2e838409987529c95afc2990bcd62f7c
Sections (5): .text, .rdata, .data, .rsrc, .reloc
Directories (4): import, resource, relocation, security
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://transfer.sh/get/OoWXVtnLtb/FloydRouters.exe transfer.sh 2024-02-10 08:21:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x22980 141824 5bd92e92eacc7a4aa131f663eeaa1f8278e9566a db86d6e99e6c41a098240e72ab201a44
.rdata 0x24000 0x660c 26624 03a08ae34af82aacd7fc2b7f5ef1071eb06e32d5 73eb60e98e561a32694e53f9bf7a70d1
.data 0x2b000 0x65c4 5120 e8ae143e63ae07780edf01b866db0db3799d006d 17f520eca033280bfe4d5dc9570bf157
.rsrc 0x32000 0x4e09 20480 21a5a6b76a14c06f89d9fb551caff4636d86cd23 beb328ce2f049a9da8d333d3510478bb
.reloc 0x37000 0x284a 10752 b209c8b90024a860a072d25487c0d2459eda1670 5dd89c6a4325d6a94d12063db010fa48

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x362e0 1128
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x36748 62
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x36788 888
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x36b00 777

Meta infos 8

LegalCopyright: Copyright © MaritimeTech Dynamics 2015 All rights reserved.
SquirrelAwareVersion: 1
FileVersion: 3.4150.8.5142
FileDescription: Provides a secure and efficient harbor management system for maritime operations.
ProductVersion: 3.4150.8.5142
CompanyName: MaritimeTech Dynamics
Translation: 0x0000 0x04b0
ProductName: TechHarbor

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

File signature

MD5 SHA1 Block size Virtual Address
9eeed8698009616b56397977ffcad37b 1f056423d3a20dc76ac66d13365b03f3906420eb 13304 6181017

Strings analysis - File found

Linker File:
4.lnk
Library:
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ekernel32.dll
ADVAPI32.dll
SHELL32.dll
KERNEL32.dll
COMCTL32.dll
OLEAUT32.dll
ole32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible URLs found 17

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
http://ocsp.digicert.com0A
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
http://ocsp.digicert.com0I
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://ocsp.digicert.com0C
http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K
http://ocsp.digicert.com0\
http://www.digicert.com/CPS0
http://ocsp.digicert.com0X

Import functions

Name Latest seen MD5
Myguest.exe 2024-02-09 19:21:01 d6fc4895775aafffbd52cb8e9e731824
DeafSold.exe 2024-02-11 07:19:03 0db03266df49859c1f9c0ff26a5b8523