Suspect
2a1b42f64565ef1544426359f9169765
PE Executable | MD5: 2a1b42f64565ef1544426359f9169765 | Size: 1.65 MB | application/x-dosexec
PE Executable
MD5: 2a1b42f64565ef1544426359f9169765
Size: 1.65 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Very low
|
Hash | Hash Value |
|---|---|
| MD5 | 2a1b42f64565ef1544426359f9169765
|
| Sha1 | 39d729c2b47f298c7470a07800fc0f77995d4c68
|
| Sha256 | 3d5a3fe3a54a865807bafa5facb473440da44415efa328b4941dd26d0c4065a8
|
| Sha384 | ca4ad89a1e5a486ccd02adc916641a0011719f4188fddf1ab1536b4221674309cb313c2c1f8064db749c66c28ef8b9dc
|
| Sha512 | 05c88944d8eded90be88e1af497f27c4d00a4056d0a93f70f1baa8e050446f15f388a415329a32093e403e1528afe929c2600a258bf889ecd379c0e6cc89757b
|
| SSDeep | 24576:U+xuRUsQbvW0v9v0evfyiqYRyjx3gebTuDKR2:U7UvPHvfyQROptXR
|
| TLSH | 297512646356D910E8982BF50CB0E3B95171EFD5F013C31BDAEDBEE7F9263402896292
|
File Structure
2a1b42f64565ef1544426359f9169765
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
POSManager.Properties.Resources.resources
txEa
[NBF]root.Data
[NBF]root.Data-preview.png
whey
[NBF]root.Data
Informations
|
Name0 | Value |
|---|---|
| Module Name | ZkHZ.exe |
| Full Name | ZkHZ.exe |
| EntryPoint | System.Void POSManager.Program::Main() |
| Scope Name | ZkHZ.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ZkHZ |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 92 |
| Main Method | System.Void POSManager.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void POSManager.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
Artefacts
|
Name0 | Value |
|---|---|
| PDB Path | ZkHZ.pdb |
2a1b42f64565ef1544426359f9169765 (1.65 MB)
File Structure
2a1b42f64565ef1544426359f9169765
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
POSManager.Properties.Resources.resources
txEa
[NBF]root.Data
[NBF]root.Data-preview.png
whey
[NBF]root.Data
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PDB Path | ZkHZ.pdb |
2a1b42f64565ef1544426359f9169765 |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.