Suspicious
Suspect

Share on LinkedIn
Print
PE Executable
MD5: 1ede4eee69b7148285963f23f5678c69
Size: 729.6 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Medium
MD5 1ede4eee69b7148285963f23f5678c69
Sha1 0139d9272721dc8a5b8a04c81e11ecaaf7d42336
Sha256 515261ba7c77ffd970a3bb7e09d3f54fc5184d72ee48082fd3ac145f004f6e6e
Sha384 800d8e556b664d99f8862eca71cddfa325b49f69659759c5a62a201a4a8fc01248710305cfa7e01dcfc22be22de94454
Sha512 dc2da0ade0b81f4f491bfb84d50e8671e1ae2dfded579c20bb268bafd3ed9bae6d4e6a1e594813b22f5827e223a843f180b9514a8b809d59b0f8048ad3712e40
SSDeep 12288:yKv0OWCZ35mHW/iV4ZTUKxViV64gO38yOmuRgWGnAOJTo6ZKuT:yuZ30KwITUK3S64gdyOmDWcrTzce
TLSH 02F41298238BDA23E8E207F45DA1C3B557281FEAB811C3039EED6DC779297542DC1396
PeID
Microsoft Visual C++ v6.0 DLL
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ColorConvert.MainForm.resources
ColorConvert.Properties.Resources.resources
KS
[NBF]root.Data
mJeJ
[NBF]root.Data
[NBF]root.Data-preview.png
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: UgaY.pdb
Module Name
UgaY.exe
Full Name
UgaY.exe
EntryPoint
System.Void ColorConvert.Program::Main()
Scope Name
UgaY.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
UgaY
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.5
Total Strings
140
Main Method
System.Void ColorConvert.Program::Main()
Main IL Instruction Count
10
Main IL
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
newobj System.Void ColorConvert.MainForm::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>
An error has occurred. This application may no longer respond until reloaded. Reload 🗙