Suspicious
Suspect

008970e24250fd3992ce9dd2ecfe7f5a

PE Executable
|
MD5: 008970e24250fd3992ce9dd2ecfe7f5a
|
Size: 887.3 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
008970e24250fd3992ce9dd2ecfe7f5a
Sha1
c774cd3b66f3c0905c890ef04b5bcf2221d12b9c
Sha256
03738c27c94377feef5f7ef65a9bc09c7ce125af80ab97132a7c6fd257929154
Sha384
1a6460206e2fab91f01ac61d532178a022bf17a3598d8598db0a64b68d8a0c1d1e438f13fe477709cbb74fa9306f6334
Sha512
c94f302011ca6b1c566d9152ec6461b86bb25338a17c55b23c2d21439a176a0f19a7ff1f2bf84307e8872e79c20388c0a510b6b63a3fdc1cb57d9e8ee11fb40a
SSDeep
24576:wUxWxeVzdyMxJVEVjiY8/cwrTd3XmrcUJX2ddKh93r1:7xWxSdyMxJx0kd32p+dS
TLSH
3C150258B6648817CEB88AF10971F6310BB46EEE7911C3DA8ED86CDB78D9F081E04D57

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
008970e24250fd3992ce9dd2ecfe7f5a
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Pansiyon_kayıt1.FrmAdminGiris.resources
$this.Icon
[NBF]root.IconData
Pansiyon_kayıt1.FrmAnaForm.resources
evet
[NBF]root.Data
timer1.TrayLocation
Pansiyon_kayıt1.FrmGazeteler.resources
Pansiyon_kayıt1.FrmMüzik.resources
axWindowsMediaPlayer1.OcxState
Pansiyon_kayıt1.Properties.Resources.resources
YhVDAe
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xD5400 size 13832 bytes
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\kDXfwIzSHY\src\obj\Debug\nzimtu.pdb
Module Name

nzimtu.exe
Full Name

nzimtu.exe
EntryPoint

System.Void Pansiyon_kayıt1.Program::Main()
Scope Name

nzimtu.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

nzimtu
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

678
Main Method

System.Void Pansiyon_kayıt1.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pansiyon_kayıt1.FrmAnaForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

nzimtu.exe
Full Name

nzimtu.exe
EntryPoint

System.Void Pansiyon_kayıt1.Program::Main()
Scope Name

nzimtu.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

nzimtu
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

678
Main Method

System.Void Pansiyon_kayıt1.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pansiyon_kayıt1.FrmAnaForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
008970e24250fd3992ce9dd2ecfe7f5a (887.3 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙