Suspicious
Suspect

2e1d60cfffc32592e66f0fa4362c00de

PE Executable
|
MD5: 2e1d60cfffc32592e66f0fa4362c00de
|
Size: 54.27 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
2e1d60cfffc32592e66f0fa4362c00de
Sha1
521f18499c05c7911eeb51bf5ace30ab51718238
Sha256
6885d7a55f1e3b5fcf0c7adcfdfcff5826e66cb999573a5d68f315e12d52535d
Sha384
12e1158929ad8f096f657ab1775d189193b6ab0302864fcb278ab9b5da6f36c433ef25ca55bb60b93243eac3b7995ba7
Sha512
e3a6c55f4d74407743699a54685855f8d5008905feaca91a4d202761075ec4e81b7768408de824307360e03a5bd4782b281676f7e436e051211029554a221be1
SSDeep
1536:33+zprHDtvMKiBDLQoYhPGcL+JJ5Cn9P2H:H+ZDtvtJlOn5Cn9P2H
TLSH
6633F24F239C03F2F4E6173709EBA751127124806E5A9B2DB4D7C5EBCA9624883733D9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2e1d60cfffc32592e66f0fa4362c00de
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
klqblb1ihbg.resources
oc2130okr2f
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

1.exe
Full Name

1.exe
EntryPoint

System.Void Loader.Program::Main()
Scope Name

1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

1
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

5
Main Method

System.Void Loader.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Loader.Nyan::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

1.exe
Full Name

1.exe
EntryPoint

System.Void Loader.Program::Main()
Scope Name

1.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

1
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

5
Main Method

System.Void Loader.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Loader.Nyan::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
2e1d60cfffc32592e66f0fa4362c00de (54.27 KB)
File Structure
2e1d60cfffc32592e66f0fa4362c00de
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
klqblb1ihbg.resources
oc2130okr2f
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙