Suspicious
Suspect

07984259c0e59532851c9105207ddd87

PE Executable
|
MD5: 07984259c0e59532851c9105207ddd87
|
Size: 215.04 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
07984259c0e59532851c9105207ddd87
Sha1
9cc217ca6bc422153c0a0bdd42b45e15c6794808
Sha256
4a0e6efe7da756a13dd1f1f7fe3a9a24f62e03ac4181e56a9b1e9e46045ff036
Sha384
da5c1289b8609d7c2950da9b618808bcc42b44abf0eebc1d0a315bfd1f9d46c0206a3e1f5dc58ca038456c1da91d04ea
Sha512
d3e864d523a7c30245bdb48a6c076890dd0e5b5a6dff92f60bae3c3756f8eaa266e0f65397c026c587665ce4590bd108963720ff182940cb5b40c88f3303fb03
SSDeep
3072:AzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HINBucXYIVTMsJ1wym4NhdaInny:ALV6Bta6dtJmakIM5bTIRJ1JjNhnfkNL
TLSH
5624CF1637E84A2FE2DE8A79612156138779C2E3A8C3F3DF68D455B64B623E4070B1D3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
07984259c0e59532851c9105207ddd87
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
07984259c0e59532851c9105207ddd87 (215.04 KB)
File Structure
07984259c0e59532851c9105207ddd87
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙