Suspicious
Suspect

18ef0c50b7342b6faae615f5d1132367

PE Executable | MD5: 18ef0c50b7342b6faae615f5d1132367 | Size: 562.18 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

High

Hash
Hash Value
MD5
18ef0c50b7342b6faae615f5d1132367
Sha1
f8c8584f1830c8c1b72802d6e656a59ff19c7691
Sha256
932857e7d796c0ea5002d21a2f6fe9646fc1de0548c2847d6dfe0458dc1398cc
Sha384
e0eceadf4318114f13eca37b972462c55cb8629e38b2f3c0b541468abd053f01f80ccdb08a2cda4e8fe78d1e466ba0f3
Sha512
95e42602168264092ee9d33deacf220bfb144d022f3dcab7c2beb961b92cc7ae47566583f31908c3376701e4cd6aa61c54d6c71f1d3c5aa1dab1375a79c2b70a
SSDeep
12288:oDZOFACgkhbq6uD9/zWR5r/Yk7xAmrocVmhan2mm7RCkR:oNmACgkNqJ97WEk70v
TLSH
8AC4E19C3110B15FC493DA3249A4DE74D7756CAAA307C313A6EB2CAF7E0D6D69E041E2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WorldClock.Form1.resources
WorldClock.Properties.Resources.resources
dTAg
[NBF]root.Data
[NBF]root.Data-preview.png
shu
[NBF]root.Data
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0x85E00 size 13832 bytes
Module Name: vGEx.exe
Full Name: vGEx.exe
EntryPoint: System.Void WorldClock.Program::Main()
Scope Name: vGEx.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: vGEx
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 165
Main Method: System.Void WorldClock.Program::Main()
Main IL Instruction Count: 55

Main IL

nop <null> ldc.i4 -129213237 ldc.i4 -218965379 xor <null> dup <null> stloc.0 <null> ldc.i4.8 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_00AF: ret call System.Void WorldClock.Program::‮‍‮‍‎‫‫‏‌‮‍‏‍‬‬‪‭​​‫‪​‌‫‮() ldloc.0 <null> ldc.i4 806545693 mul <null> ldc.i4 -98010557 xor <null> br.s IL_0006: ldc.i4 -218965379 ldc.i4.0 <null> call System.Void WorldClock.Program::‌‪‫‭‌‬​‌‌‫​‍‮‪‫‭‪‌‍‌‮(System.Boolean) ldloc.0 <null> ldc.i4 -1694957345 mul <null> ldc.i4 -390586958 xor <null> br.s IL_0006: ldc.i4 -218965379 nop <null> ldloc.0 <null> ldc.i4 342830170 mul <null> ldc.i4 350874 xor <null> br.s IL_0006: ldc.i4 -218965379 nop <null> ldloc.0 <null> ldc.i4 -51722281 mul <null> ldc.i4 459736582 xor <null> br.s IL_0006: ldc.i4 -218965379 nop <null> ldloc.0 <null> ldc.i4 -322857017 mul <null> ldc.i4 -1005626592 xor <null> br IL_0006: ldc.i4 -218965379 newobj System.Void WorldClock.Form1::.ctor() call System.Void WorldClock.Program::‪‍‍‬‎‪‮‪‍​‏‫‏‍‭‭​‭‬‎‬‬‮‍‏‮‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 -680015366 mul <null> ldc.i4 -106917528 xor <null> br IL_0006: ldc.i4 -218965379 ret <null>

Characteristics
No malware configuration was found at this point.