Suspicious
Suspect

2630bb5e0e5e9820eab9f40fbd1508a3

PE Executable
|
MD5: 2630bb5e0e5e9820eab9f40fbd1508a3
|
Size: 798.72 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
2630bb5e0e5e9820eab9f40fbd1508a3
Sha1
8899b0621e2bfe1bab8702614734299a8db41ef0
Sha256
b5b4b14bdd91fb5b71a5f2c0567694e8bd8bff8d6396444ee389dc6e95df173d
Sha384
8601f58ee5f49dacce0e22812590e9b3c0b1435d96830cb3113968818899a90eace1a1a8ea621ed18c841d92158ee022
Sha512
ef185d0efb070da40cb6310b3ed44fdf9b69cf2c4ec2f853a799c2620c7e7a521dcf03333bac60be6c8bbc254a265ebb577febcbc2c911736c46e96b31034cff
SSDeep
12288:6vGeX/3plPWh/Xycy2fRfszEpt7eLGqu66W/Epuw8S98/+gtaQiLl:6ug5lPe/ycyw7MLt9bw83g
TLSH
9D05020873D99806D8EE0BB65931C1B0537B7D0DA935C30B6AEEBE9F7BA33019911752

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2630bb5e0e5e9820eab9f40fbd1508a3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pharmacy_Management.BILL.resources
Pharmacy_Management.Doctor_SIGN_IN.resources
bunifuFlatButton1.Iconimage
[NBF]root.Data
[NBF]root.Data-preview.png
Pharmacy.Form1.resources
$this.Icon
[NBF]root.IconData
Pharmacy.Properties.Resources.resources
MR
[NBF]root.Data
NsZX
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Module Name

VFhg.exe
Full Name

VFhg.exe
EntryPoint

System.Void Pharmacy.Program::Main(System.String[])
Scope Name

VFhg.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

VFhg
Assembly Version

12.6.1.3
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

327
Main Method

System.Void Pharmacy.Program::Main(System.String[])
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pharmacy_Management.BILL::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

VFhg.exe
Full Name

VFhg.exe
EntryPoint

System.Void Pharmacy.Program::Main(System.String[])
Scope Name

VFhg.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

VFhg
Assembly Version

12.6.1.3
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

327
Main Method

System.Void Pharmacy.Program::Main(System.String[])
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pharmacy_Management.BILL::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

VFhg.pdb
2630bb5e0e5e9820eab9f40fbd1508a3 (798.72 KB)
File Structure
2630bb5e0e5e9820eab9f40fbd1508a3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Pharmacy_Management.BILL.resources
Pharmacy_Management.Doctor_SIGN_IN.resources
bunifuFlatButton1.Iconimage
[NBF]root.Data
[NBF]root.Data-preview.png
Pharmacy.Form1.resources
$this.Icon
[NBF]root.IconData
Pharmacy.Properties.Resources.resources
MR
[NBF]root.Data
NsZX
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
PDB Path

VFhg.pdb

2630bb5e0e5e9820eab9f40fbd1508a3
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙