Suspicious
Suspect

01f8ae76c4d99dc8c01b00d7beb71657

PE Executable | MD5: 01f8ae76c4d99dc8c01b00d7beb71657 | Size: 747.01 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash: Hash Value
MD5: 01f8ae76c4d99dc8c01b00d7beb71657
Sha1: e3ca93a0db9993e214b4af79074fa59524a2c23f
Sha256: be09dbae32fa67700c6ebefff7f8e081b61efd7431cc7326093703a172f91530
Sha384: 6c299afe8cfb08d64a2b2fccdd5e72bef3a0e76bec28a10ca59cec142fd3dddc61f70815dd6382ff93d9cf608639b7ef
Sha512: bd7afb50a127fcbd52ace2accf07afeeaa86ce3c6b1a0c166731f1f3b718dbde320dd0850789624f482b97b7277438ff38eeb42682aaf4a901efbb5518a33d08
SSDeep: 12288:nx5aSUdxjUbWLpa12FOLbheSFBldXUwU7MvBeptEql4vquZSNYA44M2ER0/:Yji12FK9eS/EwyMvBQtE4YquZSNYA/ME
TLSH: 24F4134CBF5AAF72C70F0B7754175748C0F24152B4B6F1A91DAD49E20F29788E18BA8B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Information
Module Name: KhRw.exe
Full Name: KhRw.exe
EntryPoint: System.Void SecureMode.Program::Main()
Scope Name: KhRw.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: KhRw
Assembly Version: 1.6.1908.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 2
Main Method: System.Void SecureMode.Program::Main()
Main IL Instruction Count: 27
Main IL:
  ldsfld System.Byte[] SecureMode.ProfessionalForm53::Ⴓ
  stloc.2 <null>
  ldc.i4.3 <null>
  stloc.1 <null>
  ldloc.1 <null>
  switch dnlib.DotNet.Emit.Instruction[]
  call System.Void SecureMode.ReliableForm18::Ⴅ()
  ldc.i4 896
  ldc.i4 936
  call System.Void SecureMode.AdvancedForm20::Ⴄ(System.Int16,System.Int16)
  ldc.i4.0 <null>
  ldc.i4.s 116
  ldc.i4.s 115
  call System.Void SecureMode.EnhancedForm84::Ⴄ(System.Boolean,System.Char,System.Int16)
  ldloc.2 <null>
  ldc.i4 357
  ldelem.u1 <null>
  ldc.i4.s 31
  sub <null>
  stloc.1 <null>
  br.s IL_0008: ldloc.1
  newobj System.Void SecureMode.ProfessionalForm53::.ctor()
  call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
  ret <null>
  ldtoken System.Void SecureMode.Program::Main()
  pop <null>
  ret <null>

Artefacts
Embedded Resources: 0
Suspicious Type Names (1-2 chars): 0

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
Embedded Resources | 0 | 01f8ae76c4d99dc8c01b00d7beb71657
Suspicious Type Names (1-2 chars) | 0 | 01f8ae76c4d99dc8c01b00d7beb71657
