Suspicious
Suspect

15f6f2ced80d7b3319e8c2fc3108e6d2

PE Executable
|
MD5: 15f6f2ced80d7b3319e8c2fc3108e6d2
|
Size: 700.42 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
15f6f2ced80d7b3319e8c2fc3108e6d2
Sha1
4c910cd1bb1db9077fe95c977c4b15992b37d02c
Sha256
961685e50728a4d97f0032d5d3967bed0c538c10c8d6e04b357b02f68473b0aa
Sha384
24aa47d613bb6cefe131fdfcee0f59b3f89d9584225c672b4aa2d20a77526aff423f4e05a74bb65df009cfad97017308
Sha512
c7f16282c363b66c3ae1c1f44ef618e99c148ec52d4774f3a59a3ed3bf0e1598f35fe531483b47739d9c1924eaccaf106224d8ecaaa1b22f7be8c9a18663f7f3
SSDeep
12288:xp1kyacwIVxljY0XxhfRda+r0nAoNS/eMZyNBeIOa6:D1kNavYm0+wnAmS2MKQIOa
TLSH
7DE412842B17DA03CDA253B50AB1F574937E1EBD6912E3864FECBDEF7961B105910283

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
15f6f2ced80d7b3319e8c2fc3108e6d2
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
AgatePrintingStation.ClientSolution.AddClientForm.resources
AgatePrintingStation.frmMain.resources
$this.Icon
[NBF]root.IconData
MN
[NBF]root.Data
AgatePrintingStation.Properties.Resources.resources
RYhV
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

dzDo.exe
Full Name

dzDo.exe
EntryPoint

System.Void AgatePrintingStation.Program::Main()
Scope Name

dzDo.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dzDo
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

157
Main Method

System.Void AgatePrintingStation.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void AgatePrintingStation.frmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

dzDo.exe
Full Name

dzDo.exe
EntryPoint

System.Void AgatePrintingStation.Program::Main()
Scope Name

dzDo.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dzDo
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

157
Main Method

System.Void AgatePrintingStation.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void AgatePrintingStation.frmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
15f6f2ced80d7b3319e8c2fc3108e6d2 (700.42 KB)
File Structure
15f6f2ced80d7b3319e8c2fc3108e6d2
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
AgatePrintingStation.ClientSolution.AddClientForm.resources
AgatePrintingStation.frmMain.resources
$this.Icon
[NBF]root.IconData
MN
[NBF]root.Data
AgatePrintingStation.Properties.Resources.resources
RYhV
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙