Suspicious
Suspect

1f0aa04275ac8ac6bef6ff3ef0633491

PE Executable | MD5: 1f0aa04275ac8ac6bef6ff3ef0633491 | Size: 12.82 MB | application/x-dosexec


Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
1f0aa04275ac8ac6bef6ff3ef0633491
Sha1
56cd338bd3b6f6e41fbfd47fc35ebb7384089da0
Sha256
fb34e2da1047942aea3b62749799088718d5dafb0d5dd956f161b5bfc52f52b4
Sha384
5827184fad002e682267110f662a51ae1f041add3ceaff3cd3528a6651ba49a27a63d0644e39ca21b1a8758b4f86145d
Sha512
a977a10881d9ece605d7dd6e6e80a8ec225485f0b7ccf34fae1daec02ea433fa91d638f1857c12b9156c81bfb2acfbde697bcd86018e865a1cd1e3165f3abf82
SSDeep
98304:rv/22SsaNYfdPBldt6+dBcjHp00KatIh++/amzJNOWJFpmLtVt+Xw5k8iILd+ffg:Dw7j1KBQtXx5lAnfD59W2qEzIIftto
TLSH
B6D6D0B07606E6DFC16B0AB4E4D2CA03D5B897B5C322E703D815743E5E53F5286C2B6A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
UPolyx 0.4 -> delikon
Informations
Info: PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info: Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_55cdb48f.exe
Module Name: Client
Full Name: Client
EntryPoint: System.Void 睎뫿ৈ몜ẗ碥⛩ᇢ終ፉ꾃誐禗蝉尶Ү::Main(System.String[])
Scope Name: Client
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.4.1.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5.2
Total Strings: 11123
Main Method: System.Void 睎뫿ৈ몜ẗ碥⛩ᇢ終ፉ꾃誐禗蝉尶Ү::Main(System.String[])
Main IL Instruction Count: 19
Main IL:

ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.2 <null>
call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
ldnull <null>
ldftn System.Void 睎뫿ৈ몜ẗ碥⛩ᇢ終ፉ꾃誐禗蝉尶Ү::࣯஼؁Ⳗꜥﴖ햒擝ė쩻눿⛈將䙸⹈紜ൣ궯(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull <null>
ldftn System.Void 睎뫿ৈ몜ẗ碥⛩ᇢ終ፉ꾃誐禗蝉尶Ү::礑젘냏䌬퉚⚌꫰霧凑ퟢ䘭꺙ਝ̈蚮骇�瞧⛫(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void ︔৲䔖㬊纒蒶ﱜꘋ뫃鄣껶얨꾰졕䬔::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>


Artefacts
PE Layout: MemoryMapped (process dump suspected)
