Suspect
PE Executable
MD5: 3199d6859b130f5c4012d6f116b31b61
Size: 599.53 KB
application/x-dosexec
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 3199d6859b130f5c4012d6f116b31b61 |
| Sha1 | a3a7c1a568b94be4552c2fc7120f4ed1f20726eb |
| Sha256 | 5011b5f7f22afc5a07551fe3bb74078558222f7d8ab643ce10e9e84ce0721dfd |
| Sha384 | 97317af582529746e6338892a5d7c7af84ab206c86ddb0903c325177903333ff61dc8acb2286a0f0b36fce0fd658ace9 |
| Sha512 | 7d8b3654a03361d21b63b13345f118e66d80136743a9e099d67d67d808831c901707a788d852a2aff6c954da1b37fd51080153f5fd1ef0968da766ae485737c3 |
| SSDeep | 12288:h24JriISA92hN8KCpZI7pfocwpsGzo3b40:SISA92hNPC41ocVX |
| TLSH | C0D4F152125BDA13D5A247B908C2E3B1A33D8D5EB521C7078FE97DE73E3A749A9003E1 |
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_96edef63.bin (7653 bytes) |
| Info | PDB Path: ? |
| Module Name | QUpL.exe |
| Full Name | QUpL.exe |
| EntryPoint | System.Void WordleForms.Program::Main() |
| Scope Name | QUpL.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | QUpL |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 152 |
| Main Method | System.Void WordleForms.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | |