Suspicious
Suspect

1928ef869ef640933ab47cd2d556dd3e

PE Executable | MD5: 1928ef869ef640933ab47cd2d556dd3e | Size: 741.89 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score: High

Hash
Hash Value
MD5
1928ef869ef640933ab47cd2d556dd3e
Sha1
b4cdf542ec723b77396b014021ab099bef8c19f5
Sha256
f1e1ef23d311c13acde5cf825d3d3857e2fdb688fa97008569ce5fcf37d26d1a
Sha384
8c7b3c53ce15422c1096f2b62b1763f562eb097efc18aad9f8071f74151d243e638f1757f66b1e3cabac7fb299a41282
Sha512
86ef617b1174c4a4c4e04a936f51ef0e956a3827dd98f42b962e59df0c39a1a572f43e2ba2bc7e6a817a78c773cff04794d52512641a5badb0c3656258a33d17
SSDeep
12288:NSJuYyT6bl3CpDjwYk6b0EQf5zwSOF5oxSk/ZWJgonJa+NiTHhan2YOZqmC25:Nq+BoE25zwSOF5GSkBinJ1
TLSH
A1F4F1593250F45EC4A3C6318DA4EEB4D6746C96A307C20391EB2EEF7D1D697AE102F2

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WorldClock.Form1.resources
WorldClock.Properties.Resources.resources
FHVA
[NBF]root.Data
[NBF]root.Data-preview.png
shu
[NBF]root.Data
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name: Ztff.exe
Full Name: Ztff.exe
EntryPoint: System.Void WorldClock.Program::Main()
Scope Name: Ztff.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Ztff
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 165
Main Method: System.Void WorldClock.Program::Main()
Main IL Instruction Count: 31

Main IL

nop <null> call System.Void WorldClock.Program::‫‬‭‌‫‌‭‫‫‎‍​‏​‬‫‍‌‬‏‫‮() ldc.i4 291056907 ldc.i4 2060448748 xor <null> dup <null> stloc.0 <null> ldc.i4.4 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_005D: ret nop <null> ldc.i4.0 <null> call System.Void WorldClock.Program::‌‏‌‌‏‌‭‎‬‫​‮‮‎‍‌‌‏‎‌‮‬‬​‪‮‎‮(System.Boolean) ldloc.0 <null> ldc.i4 -815463900 mul <null> ldc.i4 1888850185 xor <null> br.s IL_000B: ldc.i4 2060448748 nop <null> newobj System.Void WorldClock.Form1::.ctor() call System.Void WorldClock.Program::‏‍‬‌‎‪‫​‎‌‏‏‎‏‍‪‏‭‪‪‮(System.Windows.Forms.Form) nop <null> ldloc.0 <null> ldc.i4 -843368282 mul <null> ldc.i4 431008532 xor <null> br.s IL_000B: ldc.i4 2060448748 ret <null>

Characteristics
No malware configuration was found at this point.