Suspicious
Suspect

00868131ffd1b53108c151381e0c9132

PE Executable
|
MD5: 00868131ffd1b53108c151381e0c9132
|
Size: 587.78 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
00868131ffd1b53108c151381e0c9132
Sha1
9d07098e8fa4b5bfdea5f7fcdb9e254a8f2c609d
Sha256
6bfefb0f3b8a878aec69c3d830824c3bf7d5181ffd6d6e88dc4a8d793370c233
Sha384
50bb4677ae52184886c9f02aaada92d48a8f94bf2b78edd5b647c86342af5a535fb7866541a0b4339605ef4c1f9653f1
Sha512
825d58ff8176fa649ca68de661692bcee41ef421f815b10edee7a4911c61f5d5d79770066d84abda3c0919ab3d67938c75900b4a4aceb9e8fe8ea892ceeececa
SSDeep
12288:x8tSMDi77M2JXRQsezehA7TNhfFydK1iCEUanUVbMqmlbwN/D:xQSpc2jQtz6A7RhfFydTCEUu3ThwN/
TLSH
40C4128977B9CB21F0E5C7B11972E23223752C29F125D316DEEA6ECB3145B518F28B12

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
00868131ffd1b53108c151381e0c9132
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ScientificCalculator.Forms.GraphPlotterForm.resources
Scientific_Calc.Properties.Resources.resources
GNpQ
[NBF]root.Data
[NBF]root.Data-preview.png
PIP
[NBF]root.Data
t1
[NBF]root.Data
[NBF]root.Data-preview.png
t2
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Module Name

rEtH.exe
Full Name

rEtH.exe
EntryPoint

System.Void ScientificCalculator.Program::Main()
Scope Name

rEtH.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

rEtH
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

380
Main Method

System.Void ScientificCalculator.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ScientificCalculator.Forms.MainCalculatorForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

rEtH.exe
Full Name

rEtH.exe
EntryPoint

System.Void ScientificCalculator.Program::Main()
Scope Name

rEtH.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

rEtH
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

380
Main Method

System.Void ScientificCalculator.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ScientificCalculator.Forms.MainCalculatorForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
PDB Path

rEtH.pdb
00868131ffd1b53108c151381e0c9132 (587.78 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙