Suspicious
Suspect

2e9c79df410935aae84fea6646f27a22

PE Executable
|
MD5: 2e9c79df410935aae84fea6646f27a22
|
Size: 584.7 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
2e9c79df410935aae84fea6646f27a22
Sha1
8488107cb4d7f0494fd1f1acf18cee393c9c71b5
Sha256
4584961d984b24c73125b00aef61f6c49d2d6ff73faf7aa3e73d4a0d0e132ac0
Sha384
a001177767c66855c72ae8ee0c2442dcb9ea60597e5cd67f01304b56b6a56b4dcdc64180cc3c1123aa06082e8c5626a0
Sha512
f2ccc6e9fc85d95b75c53ac62cf0786c8cacac397c87a314b45d516043076603db969f8b2252caa0687a61a6357b909998315aa6649a9b849be67e089f44cc17
SSDeep
12288:VLwAW+7FmNNmzL//Hhkysl49yGqhEtK59:VLF7FUNmf/HeyKJ59
TLSH
8CC4E054FE63A402F85453B34BA2FAB5B2695D2D90C0C2B57EF4EEEB746DA011F23142

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2e9c79df410935aae84fea6646f27a22
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
三鍵反應遊戲.Form1.resources
$this.Icon
[NBF]root.IconData
B6
[NBF]root.Data
countDown.TrayLocation
imageList1.TrayLocation
timeDelay.TrayLocation
timerGame.TrayLocation
HoqueLtd.Dashboard.resources
HoqueLtd.Properties.Resources.resources
iJg
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Module Name

Irh.exe
Full Name

Irh.exe
EntryPoint

System.Void HoqueLtd.Program::Main()
Scope Name

Irh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Irh
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

169
Main Method

System.Void HoqueLtd.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void HoqueLtd.HomePage::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Irh.exe
Full Name

Irh.exe
EntryPoint

System.Void HoqueLtd.Program::Main()
Scope Name

Irh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Irh
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

169
Main Method

System.Void HoqueLtd.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void HoqueLtd.HomePage::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

?
2e9c79df410935aae84fea6646f27a22 (584.7 KB)
File Structure
2e9c79df410935aae84fea6646f27a22
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
三鍵反應遊戲.Form1.resources
$this.Icon
[NBF]root.IconData
B6
[NBF]root.Data
countDown.TrayLocation
imageList1.TrayLocation
timeDelay.TrayLocation
timerGame.TrayLocation
HoqueLtd.Dashboard.resources
HoqueLtd.Properties.Resources.resources
iJg
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
PDB Path

?

2e9c79df410935aae84fea6646f27a22
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙