Suspicious
Suspect

2d6a70c88b9a6f12cf1e9aef4c45d7fd

PE Executable
|
MD5: 2d6a70c88b9a6f12cf1e9aef4c45d7fd
|
Size: 750.08 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
2d6a70c88b9a6f12cf1e9aef4c45d7fd
Sha1
24375d9ccff441f71e36eb0b57bc9815d9b2edb7
Sha256
d592e061c641ef816a8dc1a6d83d36578a84df47f3b063c06299c8debc4b8a21
Sha384
51cbc3a5424581f1d4b1264c55aeedf6d96720c89ec486b9a10c1b912b670b328b36b6e84c53ea8ee844bc4bb4550126
Sha512
62a3da716d87da787ee70b86a2d42d49b8a8f4cd87a506464b047354fc5f0050ff3e7aae687a9abdb0dc7d496ea3d4938ab8085f9fc8ed20d96c7846a20f727f
SSDeep
12288:VNV7nw9c4dqsewB1ESqys6ju306ygv2ibPy4wi2+5WbJ4iX7JcD+:VNVsu4o/IB42ibPJwauJ4m7Jci
TLSH
B8F4124CB77A7625D10C1F7A9493534482F3481FA8B3F95AAABC08D15F14BB885CEB4B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2d6a70c88b9a6f12cf1e9aef4c45d7fd
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

kgCa.exe
Full Name

kgCa.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

kgCa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

kgCa
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SecureMode.AdvancedForm20::Ⴀ() ldc.i4 248 ldc.i4 252 call System.Void SecureMode.ProfessionalForm65::Ⴄ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 576 ldc.i4 545 call System.Void SecureMode.AsyncForm59::Ⴍ(System.Boolean,System.Int16,System.Int32) ldc.i4.2 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SecureMode.Program::Main() pop <null> ret <null>
Module Name

kgCa.exe
Full Name

kgCa.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

kgCa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

kgCa
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SecureMode.AdvancedForm20::Ⴀ() ldc.i4 248 ldc.i4 252 call System.Void SecureMode.ProfessionalForm65::Ⴄ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 576 ldc.i4 545 call System.Void SecureMode.AsyncForm59::Ⴍ(System.Boolean,System.Int16,System.Int32) ldc.i4.2 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SecureMode.Program::Main() pop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

0
Suspicious Type Names (1-2 chars)

0
2d6a70c88b9a6f12cf1e9aef4c45d7fd (750.08 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙