Malicious

28e3ff0d2fababd395a1154be27b5292

PE Executable | MD5: 28e3ff0d2fababd395a1154be27b5292 | Size: 974.34 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: High


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
iTd.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
SprintPlanner.Properties.Resources.resources
Square
[NBF]root.Data
WCr
[NBF]root.Data
[NBF]root.Data-preview.png
Information

Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: iTd.pdb
Module Name: iTd.exe
Full Name: iTd.exe
EntryPoint: System.Void Dr.fi::gS()
Scope Name: iTd.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: iTd
Assembly Version: 2.0.2.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 253
Main Method: System.Void Dr.fi::gS()
Main IL Instruction Count: 16

Main IL

br IL_001F: nop
nop <null>
newobj System.Void E9V.Q9C::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
br IL_0036: nop
call System.Void wyl.fy1::x3p()
br IL_0005: nop
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
br IL_002A: nop
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
br IL_0015: call System.Void wyl.fy1::x3p()
nop <null>
ret <null>

No malware configuration was found at this point.