Suspicious
Suspect

28180b7f47ca5782756f383dca147b61

PE Executable
|
MD5: 28180b7f47ca5782756f383dca147b61
|
Size: 743.94 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
28180b7f47ca5782756f383dca147b61
Sha1
c87fc94e8ba76b9e62feb59df3c7ab3c5a335f7b
Sha256
830c83f3faa5c0d28cc606b73a1ec8d829f0373744e2b3e12f6099ed0569119d
Sha384
1e779c682374c1a5f2a71ecc7da8fdbe1fa1c693ce44952f220924fb044f3a3bd4edd264e9b9df60afd944c2d04a456d
Sha512
d9c3218a0c48a8c9e0efb14bad7829d42990fff0a973c041a2fed6571b63f1e90259d04a62f1f11fb8d8006a630cac9f655bdbfa0af0c88a6e67d993969299ec
SSDeep
12288:JvHrWmhMIfGgNPaapyQ+js7OL2rSCPCFOIs/yc11zwjcG+d6kR:FT2PgBaVQ+MmCP0OlKQC5+n
TLSH
8DF40114131ADA02E8A69F701971D6B10FB6BFCAB520D3179FD9BDDFB472B905888342

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
28180b7f47ca5782756f383dca147b61
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
RAMMonitor.Properties.Resources.resources
dcvE
[NBF]root.Data
[NBF]root.Data-preview.png
squid
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xB2400 size 13832 bytes
Info

PDB Path: NjOj.pdb
Module Name

NjOj.exe
Full Name

NjOj.exe
EntryPoint

System.Void RAMMonitor.Program::Main()
Scope Name

NjOj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NjOj
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

194
Main Method

System.Void RAMMonitor.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void RAMMonitor.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

NjOj.exe
Full Name

NjOj.exe
EntryPoint

System.Void RAMMonitor.Program::Main()
Scope Name

NjOj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NjOj
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

194
Main Method

System.Void RAMMonitor.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void RAMMonitor.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
28180b7f47ca5782756f383dca147b61 (743.94 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙