Suspicious
Suspect

30084d42787e906e0e9b051ece4d4f8e

PE Executable
|
MD5: 30084d42787e906e0e9b051ece4d4f8e
|
Size: 801.79 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
30084d42787e906e0e9b051ece4d4f8e
Sha1
1b2f3c307fcac900fab74410b5f18b0abf8ed8e1
Sha256
c63f415a1f0f8675da6709908aab254ed267860edbf9fcb2edb29862b493f5c1
Sha384
af391ad4534bf0640d9a4915de466c55bdfe48d90b87d17b03e81188d16516f85ffc98c0c3f81fca7d7d6ec42b968775
Sha512
a4e2db45d56ae9b835bf44b57ce2b531eed3cfb7e0062cce9b9745ec59e92f1c420de5df2d9b83837fb6299070ec0118fef65e33e4a85ce50c39ee42fb673f55
SSDeep
24576:sQXwa73rR4hW9hItRKPtfEkU9AlBw2vYtT:BbrR4n0tfb7lBw2g
TLSH
4C0523AC3655EE17D0C30BFB0463D374A3B48E9E891CEB1257DC9CDFB441A25DA44AA8

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
30084d42787e906e0e9b051ece4d4f8e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
screen_saver_v2.ball.resources
$this.Icon
[NBF]root.IconData
screen_saver_v2.Form2.resources
$this.BackgroundImage
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
L3
[NBF]root.Data
timer1.TrayLocation
screen_saver_v2.Properties.Resources.resources
bsBp
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\qwyvHFZzjZ\src\obj\Debug\nGYf.pdb
Module Name

nGYf.exe
Full Name

nGYf.exe
EntryPoint

System.Void screen_saver_v2.Program::Main()
Scope Name

nGYf.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

nGYf
Assembly Version

2.4.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

68
Main Method

System.Void screen_saver_v2.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void screen_saver_v2.ball::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

nGYf.exe
Full Name

nGYf.exe
EntryPoint

System.Void screen_saver_v2.Program::Main()
Scope Name

nGYf.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

nGYf
Assembly Version

2.4.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

68
Main Method

System.Void screen_saver_v2.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void screen_saver_v2.ball::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
30084d42787e906e0e9b051ece4d4f8e (801.79 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙