Myguest.exe

First submission 2024-02-09 19:21:01

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1168.88 KB (1196934 bytes)
Compile time: 2015-02-05 21:33:38
MD5: d6fc4895775aafffbd52cb8e9e731824
SHA1: 9762ab2f2e6bc7a3d55bc5321667ca06cf16ce00
SHA256: a8c2d6bf4c101746a89855247e2472a8d4871b4bd75726d41948e802ebaf3e43
Import Hash : 2e838409987529c95afc2990bcd62f7c
Sections 5 .text .rdata .data .rsrc .reloc
Directories 4 import resource relocation security
File features detected: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://digitalfscience.com/Myguest.exe digitalfscience.com 2024-02-09 19:21:01

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x22980 141824 5bd92e92eacc7a4aa131f663eeaa1f8278e9566a db86d6e99e6c41a098240e72ab201a44
.rdata 0x24000 0x660c 26624 03a08ae34af82aacd7fc2b7f5ef1071eb06e32d5 73eb60e98e561a32694e53f9bf7a70d1
.data 0x2b000 0x65c4 5120 e8ae143e63ae07780edf01b866db0db3799d006d 17f520eca033280bfe4d5dc9570bf157
.rsrc 0x32000 0x168d 6144 a5c5df726e816a140f1aae568acc68d94799d386 f0a3d9ec4e328b9ac3744dfa5643c54b
.reloc 0x34000 0x284a 10752 b209c8b90024a860a072d25487c0d2459eda1670 5dd89c6a4325d6a94d12063db010fa48

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x32b80 1128
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x32fe8 34
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x3300c 888
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x33384 777

Meta infos 8

LegalCopyright: Copyright © Digital Harmony Technologies 2014 All rights reserved.
SquirrelAwareVersion: 1
FileVersion: 1.20.1.20088
FileDescription: Synchronizes data seamlessly across multiple devices and platforms.
ProductVersion: 1.20.1.20088
CompanyName: Digital Harmony Technologies
Translation: 0x0000 0x04b0
ProductName: SwiftSync

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

File signature

MD5 SHA1 Block size Virtual Address
c1dbd692f4cb126ec39fef751b2be89d 6fe205beb116fbf895935bbed7a50b4a1562d01c 10832 1186102

Strings analysis - File found

Linker File
4.lnk
Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ekernel32.dll
ADVAPI32.dll
OLEAUT32.dll
SHELL32.dll
COMCTL32.dll
ole32.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 14


Import functions

Name Latest seen MD5
FloydRouters.exe 2024-02-10 08:21:02 399445b6d3206ed89cba61889fc0ea28
DeafSold.exe 2024-02-11 07:19:03 0db03266df49859c1f9c0ff26a5b8523