Suspicious
Suspect

0ad1860696fbf6e67e6b615e67641be6

PE Executable
|
MD5: 0ad1860696fbf6e67e6b615e67641be6
|
Size: 839.68 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
0ad1860696fbf6e67e6b615e67641be6
Sha1
49df7d33770de55b6b46eb438357795c73d2f1c9
Sha256
6ae5bc7d9246280c099573e968176fe7ce17dc2f3d673a4d0ab03f5022a2b86e
Sha384
186676c99bd4ddffe7037e18265915ac2b71d395e73357f6e7446e8400e826ec0317dc7b8a6b21928816f8bfa5e98dc2
Sha512
c71fbdb86f11fa748bfb9be41ed4d3744ce9b61270127973689f755ef46f2119ad24763e92f9648b9951538af7981f2525b60c3e31a27d711c26dceb4ba32c68
SSDeep
12288:9jgjWl37b00vZXcEiVNf3HS9wjwcCQ2IDrpdVFOr2kTawm9GdwW:9Eqlk0hsEiVpowEYDjL6SGuW
TLSH
4705F0E7235EA907C4618AB40DF1D37703BCAD99641CC3828FE96DCFB4A5B116B16293

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
0ad1860696fbf6e67e6b615e67641be6
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
GameApi.MainForm.resources
$this.Icon
[NBF]root.IconData
fee
[NBF]root.Data
CrudForm.Properties.Resources.resources
JSNg
[NBF]root.Data
[NBF]root.Data-preview.png
GameApi.StoresForm.resources
$this.Icon
[NBF]root.IconData
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\jbFsKSmKHg\src\obj\Debug\gbRe.pdb
Module Name

gbRe.exe
Full Name

gbRe.exe
EntryPoint

System.Void GameApi.Program::Main()
Scope Name

gbRe.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gbRe
Assembly Version

5.4.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

305
Main Method

System.Void GameApi.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void GameApi.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

gbRe.exe
Full Name

gbRe.exe
EntryPoint

System.Void GameApi.Program::Main()
Scope Name

gbRe.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gbRe
Assembly Version

5.4.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

305
Main Method

System.Void GameApi.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void GameApi.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
0ad1860696fbf6e67e6b615e67641be6 (839.68 KB)
File Structure
0ad1860696fbf6e67e6b615e67641be6
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
GameApi.MainForm.resources
$this.Icon
[NBF]root.IconData
fee
[NBF]root.Data
CrudForm.Properties.Resources.resources
JSNg
[NBF]root.Data
[NBF]root.Data-preview.png
GameApi.StoresForm.resources
$this.Icon
[NBF]root.IconData
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙