Suspicious
Suspect

2487bcf38f6347817400a896f8a142aa

PE Executable
|
MD5: 2487bcf38f6347817400a896f8a142aa
|
Size: 731.14 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
2487bcf38f6347817400a896f8a142aa
Sha1
9b227b11326ecffea2a9b4018335eac98f6c4c1c
Sha256
63398cd9c19c396382bda7fc46048cd97ab864fb43ec7f3b47c71aafc2955d9a
Sha384
24b7ce6d6afd36b2311be72a2c6446ba61f4eea9fa74a38f76be79690703de58c1893cd4e7dbfc45c5206f4ecfb0b18c
Sha512
6661d7598313814702a149e9491d13ea1d647754aff2e0b1af2ea0c6ff4350b36dee7b2b2226490a3f881e3e2acf1babc231ec2bd79fa54f91040361fc2d0f64
SSDeep
12288:2FaXmrCWJeby0jF9PEv5hizN2siXisquVWYKIMj4stO:2uwCWJeFF91yXikwKs
TLSH
BCF4234CFBE4EEA2C36C687FD413760981F69F44D4A3F74F14F449A14F62A918A46EA0

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2487bcf38f6347817400a896f8a142aa
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

dyUZ.exe
Full Name

dyUZ.exe
EntryPoint

System.Void SolarSystem.Program::Main()
Scope Name

dyUZ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dyUZ
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void SolarSystem.Program::Main()
Main IL Instruction Count

27
Main IL

ldsfld System.Char[] SolarSystem.MoonScythe::Ⴄ stloc.2 <null> ldc.i4.3 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SolarSystem.Astro::Ⴅ() ldc.i4 387 ldc.i4 384 call System.Void SolarSystem.Properties.Resources::Ⴐ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 978 ldc.i4 963 call System.Void SolarSystem.Azz::Ⴀ(System.Boolean,System.Char,System.Char) ldloc.2 <null> ldc.i4.s 123 ldelem.u2 <null> ldc.i4 12447 sub <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void SolarSystem.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SolarSystem.Program::Main() pop <null> ret <null>
Module Name

dyUZ.exe
Full Name

dyUZ.exe
EntryPoint

System.Void SolarSystem.Program::Main()
Scope Name

dyUZ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

dyUZ
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void SolarSystem.Program::Main()
Main IL Instruction Count

27
Main IL

ldsfld System.Char[] SolarSystem.MoonScythe::Ⴄ stloc.2 <null> ldc.i4.3 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SolarSystem.Astro::Ⴅ() ldc.i4 387 ldc.i4 384 call System.Void SolarSystem.Properties.Resources::Ⴐ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 978 ldc.i4 963 call System.Void SolarSystem.Azz::Ⴀ(System.Boolean,System.Char,System.Char) ldloc.2 <null> ldc.i4.s 123 ldelem.u2 <null> ldc.i4 12447 sub <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void SolarSystem.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SolarSystem.Program::Main() pop <null> ret <null>
2487bcf38f6347817400a896f8a142aa (731.14 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙