Suspicious
Suspect

18cd5ae8087ac26f58faabfa001f3ad9

PE Executable
|
MD5: 18cd5ae8087ac26f58faabfa001f3ad9
|
Size: 749.57 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
18cd5ae8087ac26f58faabfa001f3ad9
Sha1
ea3c1cb1cad8680c06b162fb5c697da691fb7c25
Sha256
7ac86c15c30281142e6079a462dabd0d542de4e4396b9708a8da7edd5062c2d0
Sha384
86749955a4641d747e70a596e70e744a93e3ad224ec63b76895a3c068a486bc0e1c88709019c74f1046cee4ad83e34a5
Sha512
03cf3e92d7620e2e6ff47fb52ecbe1c7487fe3b4efd4d92bbe7879269bf621062dcf165b60d2d3b01113c152edb849434864898feecde15d0a62c7c235c090b9
SSDeep
12288:0a08HV9L293ycsgd5mpKD9WaGDph74wqdSyZk/m0jLs3TvUKW4ip5xsKn/NDxKKN:0m9LM3yxRpJNph7vqdQ/Ds3bTWbxbnG2
TLSH
5CF401643319D517E86697B859B1E3B423797EA9AA01D3CB9FD87DCFB8B0F404821213

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
18cd5ae8087ac26f58faabfa001f3ad9
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
PictureViewer.Form1.resources
$this.Icon
[NBF]root.IconData
JPG
[NBF]root.Data
colorDialog1.TrayLocation
openFileDialog1.TrayLocation
ConnectorClient.KMCWindowsClient.resources
KMCWindowsClient.Properties.Resources.resources
JsyJSk
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

EvtbuA.exe
Full Name

EvtbuA.exe
EntryPoint

System.Void ConnectorClient.Program::Main()
Scope Name

EvtbuA.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

EvtbuA
Assembly Version

5.2.8.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

193
Main Method

System.Void ConnectorClient.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void ConnectorClient.KMCWindowsClient::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

EvtbuA.exe
Full Name

EvtbuA.exe
EntryPoint

System.Void ConnectorClient.Program::Main()
Scope Name

EvtbuA.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

EvtbuA
Assembly Version

5.2.8.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

193
Main Method

System.Void ConnectorClient.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void ConnectorClient.KMCWindowsClient::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
18cd5ae8087ac26f58faabfa001f3ad9 (749.57 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙