Suspicious
Suspect

25120eada328131ae6f606bbcfcb69d4

PE Executable
|
MD5: 25120eada328131ae6f606bbcfcb69d4
|
Size: 623.62 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
25120eada328131ae6f606bbcfcb69d4
Sha1
bbaed4c3673da589bef6b53d2d3edbe697be3a69
Sha256
e891403f8727f8c2c54ae409611a0e5e1d3ff015d3172156b761a908bb40b177
Sha384
6a1cbc691e8c728376714a204284e6a9c6f8be2168349ca8f90cdc9e80c3829d50635c63c8d3142d0fc11f1e811ad85c
Sha512
dd1cd7a440f6ca53511daa19ce12d91c3654524d91e08f687efa97cb3fe3025afdcebcc14a584160cbc809e3a202dca493331c45d020e9ec7acc1969c5be8070
SSDeep
12288:4KqOZQ8sQ1ECBaQIAXb1+8QV2pNxKF2sdX2/QDGk9L+bztHU:nRQgEPQIAOEpNwQOkQaaG0
TLSH
EAD4DF5B1E29F906C0419F731931E7BC0A6A6E9DFCE2D2078FDE7E9BF5766845400282

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
25120eada328131ae6f606bbcfcb69d4
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
PrinterQueueManager.Forms.MainForm.resources
PrinterQueueManager.Properties.Resources.resources
IO
[NBF]root.Data
wUuL
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: bnOc.pdb
Module Name

bnOc.exe
Full Name

bnOc.exe
EntryPoint

System.Void PrinterQueueManager.Program::Main()
Scope Name

bnOc.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bnOc
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

174
Main Method

System.Void PrinterQueueManager.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void PrinterQueueManager.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

bnOc.exe
Full Name

bnOc.exe
EntryPoint

System.Void PrinterQueueManager.Program::Main()
Scope Name

bnOc.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bnOc
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

174
Main Method

System.Void PrinterQueueManager.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void PrinterQueueManager.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
25120eada328131ae6f606bbcfcb69d4 (623.62 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙