Suspicious
Suspect

2d7a561a5da8bc8a2be9e28a04060cb2

PE Executable | MD5: 2d7a561a5da8bc8a2be9e28a04060cb2 | Size: 832.51 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
2d7a561a5da8bc8a2be9e28a04060cb2
Sha1
97f4e16e91650030116596f3895c1afa524a7f26
Sha256
2ba754a0ac25585ea570c7a1676a840dfd34b3958e9b47b3b8f0504e0cf5ef57
Sha384
95ec138bf987747efa8fa3d898d6f04d76e2df2b97a6756c2c25610c0c2f51ffb6d8b1973f978831c2e6c945bc5d2f2f
Sha512
e08a495fd6dd42c7648925451634dd21657ff7392c8c75b8240cfd2d0d72d8e21b09c833ec47549f811d10fc5230c2f84b6ba9a329035860df3b0af55cc4dd30
SSDeep
12288:RKFAkO9AFtK1fZXB6D9lQ5cTrN/1fbMP6yCRFwmVS5R3Ay48QEJ4H444t:rkQCtKjBosgNfbM4/Ig8B4H444t
TLSH
8C05D0626F00F432C811BFB55359E374D22B5E84A412DB865CF9BEA739E56C23F87182

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
clientapp.Form1.resources
$this.Icon
[NBF]root.IconData
nsh
[NBF]root.Data
clientapp.FormConf.resources
clientapp.Properties.Resources.resources
cPZh
[NBF]root.Data
[NBF]root.Data-preview.png
Information
Name
Value
Module Name

qPrh.exe

Full Name

qPrh.exe

EntryPoint

System.Void clientapp.Program::Main()

Scope Name

qPrh.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

qPrh

Assembly Version

2.1.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.5

Total Strings

115

Main Method

System.Void clientapp.Program::Main()

Main IL Instruction Count

6

Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void clientapp.Form1::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>

Artefacts
Name
Value
PDB Path

C:\Users\Administrator\Desktop\Client\Temp\vUoeiHjSCN\src\obj\Debug\qPrh.pdb

Embedded Resources

4

Suspicious Type Names (1-2 chars)

0
